Why do we need to take IoT security more seriously?


It goes without saying that cybersecurity is a serious concern, especially as the internet and online services become more ingrained in our lives. Since the advent of the Internet of Things (IoT), the number of connected devices in our homes, offices and on our person has been growing at a fast pace. Connected devices already outnumber human beings, and continue to propagate at a chaotic pace across many fields, including healthcare, home appliances, industrial control systems (ICS) and vehicles.

The rise of IoT brings huge advantages to businesses, consumers, government agencies and researchers in different sectors. Energy savings, better customer service, enhanced health data, improved vehicle performance and accurate crash analysis are just some of the benefits of IoT technology.

But the benefits it brings to malicious hackers and cybercriminals are enormous as well, and the IoT security nightmare has already become a cause of serious concern. In this post, I will explain how IoT security is different from the traditional cybersecurity we’ve all come to know and love (or loathe, if you like), and why it should be taken more seriously.

Privacy issues

IoT devices generate a lot of data. Some of this data, such as health-related information, is quite confidential and intimate, and is subject to laws and regulations such as HIPAA. Others, such as data generated by your connected toaster or light bulb, might not be very sensitive per se, but when combined with data from your smart lock, smart fridge, motion sensors… it can give away much about your life patterns and habits.

Moreover, the storage and distribution of the generated data is the subject of much debate. For most devices, the data is stored on cloud servers, and is later used by service providers to make assumptions about user interaction with devices and make decisions that will improve user experience (or at least that’s what they say).

However, regulations that are in place pertaining to the boundaries of ownership of data are not nearly enough to address the issues we’re facing with the explosion of data generation and consumption. What kind of data can vendors collect exactly (does anyone remember the connected TVs that spy on users or Hello Barbie dolls that record children’s interactions)? How much authority do vendors have over the data they collect from their consumers? Whom can they share it with? How long can they store it? What are the encryption and storage protection laws that apply to IoT data? These are just some of the questions tech experts and legislators will have to deal with very soon.

And the inconsistencies in data privacy rules across different countries only add dimensions to the IoT privacy Rubik’s Cube.

Network security issues

A considerable percentage of IoT devices lack proper means to protect themselves against network breaches. In some cases, this can be critical, such as a smart lock that is remotely compromised and unlocked by a malicious actor, or vulnerable baby monitors that allow hackers to pick up a live feed of your children. In other cases, such as smart sensors or connected kettles, it might not be a big deal, you might argue.

Or is it?

Cyber criminals usually grab at every opportunity to exploit a vulnerability. And as far as they’re concerned, IoT security issues aren’t a “let me hack your light bulb and turn it on and off at my own will” situation (though I do admit that such an occurrence would be annoying) but rather an “I’ll compromise your light bulb and gain access to your network” opportunity. See where it’s leading?

The problem is that each new connected device can become a path into the network, or what we call an “attack vector” in cybersecurity jargon. Compromised devices can become beachheads for more serious attacks, allowing hackers to move laterally across the network and gain access to more critical information and devices. Smart kettles that give away Wi-Fi passwords and smart fridges that give away Gmail credentials are testament to the case.

Of special concern are smart homes, which lack the IT security infrastructure that organizations and tech firms are equipped with, house some of the most vulnerable devices, and can become attractive targets for malicious actors.

Safety issues

IoT security issues go beyond simple data theft, network manipulation hacks, and financial losses. In many cases, they have to do with the health and safety of real human beings or the functionality of critical infrastructure that affects the lives of thousands and millions of people. Smart rifles that can be hacked to designate new targets remotely, drug infusion pumps that can be compromised to harm – or kill – the patient through dosage change, cars that can be shut down remotely while driving at 70 mph, and entire power grids that can be brought offline are just some of the cases that have surfaced in the past year.

The IoT is now responsible for many critical functionalities in the home, office and across the entire metropolitan life. And with the forecasts made by Gartner, it will only grow larger and more prominent in the coming years. It can easily run out of control and pave the way for a new wave of totally different acts of terrorism and felony. Just think about the spooky opportunities that’ll arise when driverless cars become mainstream. Remote abductions and car crashes are two things that come to mind. I don’t know about you, but it gives me the shivers.

As we approach singularity, more and more of our identities are being digitized and sent into the cloud, thanks in large part to IoT. IoT is the future, and it is one of the biggest things that has happened in the history of the internet. We have to prepare ourselves for the worst if we want to take advantage of the best. Taking IoT security seriously will be an important factor in this regard.


8 comments on “Why do we need to take IoT security more seriously?”

  1. […] Security and privacy concerns regarding IoT are paramount issues of course, but I’ve covered that topic thoroughly previously, and I wanted to dedicate this piece to the philosophical side of things, about the balance of power between man and machine. The conclusion, I’ll leave it to you. […]


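  2. […] Moreover, sending raw data over the internet from every device connected to the cloud can raise privacy, security and legal concerns. This becomes a problem especially when handling sensitive data that is subject to the separate regulations of different countries. […]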


  3. […] devices within a network is key to securing IoT ecosystems and preventing the infiltration of intruders. In current solutions, device authentication and […]


  4. […] having every device connected to the cloud and sending raw data over the internet can have privacy, security and legal implications, especially when dealing with sensitive data that is subject to separate regulations in different […]


  5. […] having every device connected to the cloud and sending raw data over the internet can have privacy, security and legal implications, especially when dealing with sensitive data that is subject to separate regulations in different […]


  6. […] to become a hurdle in collecting and analyzing data, especially as collected IoT data might account as sensitive and personally identifiable information, which are subject to separate regulations in different regions. “Unclear privacy guidelines make […]


  7. […] What we’re ignoring though, is the next wave of ransomware attacks, which will not target our files, but rather our IoT devices, which can be more dangerous and damaging, given the different nature of IoT security. […]


  8. […] After initially targeting individual computers the next wave of ransomware attacks does not go for our data files but instead our IoT devices. UAVs are exposed to these risks more than ever. This ransomware transformation makes it more damaging and harmful due to the special nature of IoT security. […]

