Security Fears and Privacy Concerns in the IoT Connected Age (and How to Overcome Them)

by Carmen Apostu
Blog Post

The Internet used to be so simple, even just a decade ago. It was used primarily to gain and exchange information, communicate with one another, or watch cute cat videos.

Sure, things like malware and viruses still wreaked havoc on people’s computers, but they weren’t anything good antivirus software or a Geek Squad couldn’t fix.

Today, smart technology has changed many things.

People are connected more than ever before. If they’re so inclined, their entire home could be “smart”: their light switches, televisions, power outlets, appliances, and energy can all be managed remotely via network infrastructure. Driverless cars are actively being developed.

This is indeed the era of the Internet of Things (IoT).

There still are many kinks that need to be worked out, but the future that only existed in sci-fi novels is one step closer. It also brings a host of problems that didn’t exist with “simpler” Internet technology a decade ago.

The Internet is a decidedly hostile place now. It is unlikely people are being specifically targeted, but they exist online in the form of numbers and letters that any motivated hacker can access. It’s impersonal and lacks privacy.

The hackers don’t even need to be vigilantes wanting to expose some big government secret; according to the National Crime Agency, the average age of cyber criminal suspects is, shockingly, only 17 years old. No one is immune to identity theft and data breaches any longer.

The Most Common IoT Security and Privacy Concerns

Mobile Devices

It’s been some years since the number of mobile users surpassed that of desktop users. Mobile devices are becoming more like handheld computers in what they’re capable of doing (typically through applications). They are deeply entrenched in people’s daily lives, from shopping, entertainment, and banking to everything else imaginable.

Though adoption has been slow, more and more businesses are accepting Apple Pay and PayPal. Mobile payments like these are open to a new set of vulnerabilities.

For companies, employees with mobile devices are a double-edged sword. On one hand, it’s convenient if employees can access their work from anywhere. On the other hand, the cost of that convenience is the potential for a data breach.

Key Stat: According to a study from Ponemon Institute, just one mobile device infected with malware can cost a company an average of $9,485.

How exactly does an employee’s mobile device get infected? One answer is through apps.

When employees download apps on a smartphone that doubles as their work phone, they give those apps permission to access certain things on the phone. An amazing amount of personal and corporate data can be sent to a remote server somewhere in the process.

Anything that’s connected to a network, such as in-car systems, has the potential to be breached. Computer security researchers recently discovered that Nissan’s Leaf car app could be used to remotely break into Nissan Leaf’s in-car systems.

Key Stat: Gartner estimates that by 2017, apps will be responsible for 75% of all mobile security breaches, rather than technical attacks on the OS.

The Dark Web, a Commune to Exchange Ideas

Hackers have existed since the dawn of the World Wide Web, but their skills seemed off limits to the regular Joes. Not so much anymore.

Just recently, the dark web hacking forum appropriately named “Hell” has come back online after it was shut down. It is very public and its hacking information is largely accessible to anyone who is motivated enough to look for it.

The dark web sounds ominous and mysterious and, in a way, it is.

It exists on dark nets that require special software or authorization to access. Many hacking groups and individual hackers operate on the dark web, selling their services or simply exchanging ideas.

Data breaches can be almost humorous, like the one for Ashley Madison in July 2015; that one might’ve felt like a well-deserved comeuppance for many people. But serious data breaches can mean the loss of millions of dollars and the grief of trying to sort out issues from stolen identities.

With the rise of smart homes where everything is virtually connected, hackers can easily wreak havoc. Can they manipulate homes on a smart grid to consume more electricity or cut off power entirely? The possibilities are endless and the dark web provides a platform to discuss these ideas easily.

Smart Home Devices and Wearables

Unfortunately, smart home devices and wearable tech are notoriously easy to hack into, because they lack basic security measures. There is no industry-wide security standard for the different devices that connect to a global network.

Sobering Thought: All hackers have to do is crack a home’s Wi-Fi and the rest falls like dominoes.

Then there are other issues to consider, like who is responsible for “patching” your smart home if something goes awry. Or, if someone buys a smart home on sale, what do they do when the seller is unable to give them the “keys” to the smart home devices?

Solutions to Address Security and Privacy Concerns

Educate Consumers About Due Diligence

This isn’t to shift the responsibility of IoT security to consumers, but they do have to be vigilant about certain things.

One of them is changing passwords. Many customers of smart home devices don’t even think of changing the default passwords. Default passwords to popular devices are readily available online, making them easier to break into.

Companies that sell smart home devices should educate their consumers about changing passwords and applying security patch updates on a regular basis. Passwords that incorporate upper- and lowercase letters, numbers, and symbols are that much harder to hack.
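A vendor can also back this advice up in the device itself. The added example below (not from the original post or from any vendor's firmware) sketches a first-boot check that refuses factory defaults and requires the character mix described above; the default list, the 12-character minimum, and the function names are assumptions made for illustration.

```python
import string

# Constructed sample of factory-default passwords (assumption); a real product
# would ship its own list covering every default it has ever used.
FACTORY_DEFAULTS = {"admin", "password", "12345", "default", "root"}


def password_problems(candidate, username="", min_length=12):
    """Return the reasons a password is rejected (an empty list means accepted)."""
    problems = []
    lowered = candidate.lower()
    if lowered in FACTORY_DEFAULTS:
        problems.append("matches a factory default")
    if username and username.lower() in lowered:
        problems.append("contains the account name")
    if len(candidate) < min_length:  # the minimum length is an assumption
        problems.append(f"shorter than {min_length} characters")
    # The character mix named in the text: upper, lower, numbers, symbols.
    classes = {
        "a lowercase letter": string.ascii_lowercase,
        "an uppercase letter": string.ascii_uppercase,
        "a digit": string.digits,
        "a symbol": string.punctuation,
    }
    for label, alphabet in classes.items():
        if not any(ch in alphabet for ch in candidate):
            problems.append(f"missing {label}")
    return problems


def complete_setup(device, new_password):
    """First-boot gate: the device stays in setup mode until the default is replaced."""
    problems = password_problems(new_password, device["username"])
    if problems:
        return {"provisioned": False, "problems": problems}
    # A real device would store a salted, slow hash here, never the password itself.
    device["uses_default_password"] = False
    return {"provisioned": True, "problems": []}


if __name__ == "__main__":
    lamp = {"username": "admin", "uses_default_password": True}
    print(complete_setup(lamp, "admin"))               # rejected, with reasons
    print(complete_setup(lamp, "Kitchen-Lamp#2024x"))  # accepted
```

Returning every reason at once lets the setup screen tell the owner exactly what to fix instead of rejecting the password one rule at a time.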

Have Transparent Privacy Policies In Place

Ideally, smart home devices would not be vulnerable to attack if they’re designed with top-notch security in mind. But consumers will always be concerned about a possible hack, and rightfully so.

Businesses should alleviate security and privacy concerns by having transparent policies in place.

For example, how do they collect consumer data? Where does the data get stored? What are some of the disruptive breach scenarios and what can consumers do on their end to prevent them (e.g. changing passwords)? In case of a breach, what is the protocol?

These policies should be readily accessible to consumers.

Set Up a Team of Security Specialists

The IoT is only going to grow with consumers and businesses, so it makes sense to work with a team of qualified specialists. These specialists should be dedicated to addressing various security challenges and developing solutions.

Cisco has proposed a rather complex framework that addresses security and privacy concerns of the IoT. It consists of four layers:

  1. Authentication: Usernames, passwords, biometrics, and tokens
  2. Authorization: Establishing a trusted alliance between different devices
  3. Network Enforced Policy: Policy about routing traffic securely over the network
  4. Security Analytics: Real-time statistical data analysis to pick out anomalies

This isn’t a framework set in stone across the industry, but it helps to work with a qualified development team that understands these layers and can put something similar in place to address security and privacy concerns.

The IoT industry is still in its infancy. While the threat of security attacks is real, it is highly likely that the level of security technology will improve as the industry matures.

Until then, businesses involved in selling smart home devices have to be active in educating consumers, putting transparent policies into place, and working with a team of specialists.

Working with a quality developer is a good way to set your mind at ease and protect the security of your customers.

Koombea has a world-class team that can help you do just that. Get in touch with us today.
