The Internet of Things isn’t a new concept – but it’s certainly one that has gained momentum, particularly within the last year. Recently, we’ve seen more and more connected devices come to market. While connecting our world may bring added convenience to our everyday lives, it’s important to question what we may be sacrificing from a security perspective.
Back in April, news broke around a software glitch that enabled hackers to take control of a Jeep Cherokee while on the road. Cybersecurity experts Charlie Miller and Chris Valasek, working from laptop computers at home, were able to break into the Jeep’s electronics through the entertainment system. The experts were then able to change the speed of the vehicle, alter its braking capability, and manipulate both the radio and windshield wipers. The two described the hack as “fairly easy” and “a weekend project.”
It was recently discovered that not even Tesla Motors is immune to being hacked. This, again, was an attack orchestrated through the car’s entertainment system, though it took closer to a year to pull off. Researchers were able to apply the emergency hand brake, remotely lock and unlock the car, and control the touch screen displays. There is good news – Tesla has already developed a fix, which has been sent to all of the affected vehicles.
Something rarely discussed that warrants consideration from both security professionals and consumers alike is the danger brought on by seemingly innocuous connected products (think: “smart fridge” or “connected toaster”). While the thought of a hacker gaining control of a refrigerator is perhaps less daunting than the idea of them taking control of your steering wheel while on the highway, the reality that these products may serve as a gateway to more sensitive information is something that cannot be ignored.
Just a few weeks ago, a team of hackers uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that showed it could be exploited to steal Gmail users’ login credentials. What’s most concerning about this is hackers were able to access a sensitive network, containing users personally identifiable information, through hacking into the refrigerator.
There has been a lot of fear around smart medical devices – but this is one area that may be considered more IoT “myth” than “reality.” Most medical devices don’t currently appear to be connected to the Internet, but rather through Bluetooth. Additionally, because most medical appliances are smaller scale, it’s virtually impossible to integrate a mobile phone connection into devices of this size. Consumer fears around having cellular waves inside the human body have also kept these devices from operating on a mobile phone connection.
Fears around connected smart watches may also be considered an IoT “myth,” at least at this stage, as most are not directly connected to the Internet. That being said, last month HP did discover some major areas for concern, finding that most smart watches did not have two-factor authentication, were vulnerable for man-in-the-middle attacks, and had poor firmware updates.
It’s an interesting debate – and one that will undoubtedly continue as more companies introduce products to compete in this space. What do you think about security risks with the Internet of Things? Weigh in with us on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.