IoT Expansion Poses Security Threat

By Brian Albright, Field Technologies

According to new data from International Data Corp. (IDC), worldwide spending on the Internet of things (IoT) was set to reach $737 billion in 2016, experiencing a compound annual growth rate of 15.6% from 2015 to 2020. At that rate, the market could reach $1.29 trillion.

That growth is continuing despite widespread security concerns. The IoT will create a number of security vulnerabilities, some of which are already becoming readily apparent. Many device manufacturers are not taking proper security measures in designing connected assets, despite the fact that those assets could be used for denial of service (DOS) and other types of attacks.

Recently, there was a massive cyberattack against domain name system provider Dyn that appears to have been launched using the Mirai IoT botnet. The October attack took down a number of large websites, and involved 100,000 Mirai-infected IoT end points. Connected devices can be recruited into botnets for these types of attacks.

Many of these devices either don’t have passwords or use default login credentials which users are unlikely to change because the items typically don’t have a user interface.

According to this piece in ZDNet, some of these problems (like plain text credentials) were once common among Bluetooth devices or Windows 98 machines, but have long since been considered rectified – until the IoT.

Carl Herberger, vice president of security solutions at Radware, also warned about IoT vulnerabilities in another thought piece. He predicts an upswing in IoT-related ransom attacks as hackers use connected devices to shut down access to smart home systems, vehicles, and other equipment.

According to Herberger: “Today, a simple use of telnet and a limited list of factory default usernames and passwords can harness botnets of incredible size. As the space accelerates toward billions of connected things in the next few years, those botnets will only continue to grow if devices aren’t secured.”

IoT device are also vulnerable to permanent denial of service (PDoS) attacks, which replace a device’s software or firmware, in effect “bricking” the device.

Possible solutions include adhering to basic security protocols (like ensuring the use of secure passwords), device fingerprinting, and automated approaches for responding to botnet attacks.

For systems that could potentially affect safety (like connected transit, smart cars, or industrial controls), federal regulation may be necessary to ensure a uniform approach to security.

This will require leadership on security in the industries embracing the IoT – particularly those that aren’t typically targeted by hackers. According to IDC, manufacturing, transportation, and utilities will make the largest investments in IoT. Consumer IoT purchases were the fourth largest segment in 2016. Connected vehicles and smart buildings will also rank high over the next five years.

In the manufacturing space, companies will use the technology for production asset management, maintenance, and field service applications. Freight monitoring will drive most of the spending in transportation.

"A fairly close relationship exists between high growth IoT use cases in consumer product and service oriented verticals like retail, insurance, and healthcare," says Marcus Torchia, research manager, IoT, with IDC's customer insights and analysis team. "In some cases, these are green field opportunities with tremendous room to run. In other verticals, like manufacturing and transportation, large market size and more moderate growth rate use cases characterize these verticals. As a whole, the IoT opportunity is a diverse developing market place for vendors and end users alike."

As these companies expand their use of the IoT, they will need to pay close attention to the way they approach security for their connected assets.