Human beings have always sought out ways to communicate more efficiently. Our society has come a long way since the days of the telegraph and radio. Never have we been more inter-connected with our ability to communicate and collect data than we are now. New advances in technology has given us an unprecedented look, into how our industries and commercial sectors operate. The consumer can now be studied with precise observation in real-time. The arrival of the Internet of Things (IoT) has ushered in a new age of mass communication and data collection. First, let us discuss what IoT is and how it is applied in the real world. Simply put, the Internet of Things is a network of Internet connected objects able to collect and exchange data. Kevin Ashton of MIT was the first to mention the Internet of Things in 1999. His goal was to bring radio frequency ID (RFID) to the leaders of P&G. IoT has evolved tremendously since then. It is important to understand how versatile IoT can be. A “thing” in IoT can be a medical device (pacemaker) monitoring vital statistics, a built-in sensor to monitor tire pressure, or a smart thermostat to keep server rooms at acceptable temperatures, and commonly used household devices, such as Nest, Ring doorbell, and Roku boxes. All these examples collect and send data back to the manufacturer. Data is also sent to third-party analytical centers for both marketing and research. IoT is generally subcategorized by device, into three distinct groups: information technology, operational technology, and smart objects.
The emergence of IoT has been incredible but has also come with serious concerns regarding cyber-security. The sheer amount of IoT connected devices present the first challenge. According to research conducted by Gartner INC., by 2020 nearly 21 billion IoT devices will be operational in the commercial sectors alone. The second challenge is the lack of device memory and processing power. The average IoT device does not have the memory capacity or processing power to deploy intrusion detection or have firewalls. Each IoT device is like an open door for a hacker to walk through and get on the network. For example, a hacker can exploit the CAN bus of a car and manipulate the brakes. In 2015, two security-researchers named Chad Miller and Chris Valasek demonstrated how to remotely kill a Jeep on the Highway by exploiting IoT. The researchers were able to manipulate the air conditioning, windshield wipers, breaks, radio, and acceleration. Most “smart” devices can be fully exploited, especially while connected to Bluetooth or open Wi-Fi. The attacker can use the IP of the IoT device as an entry point and pivot the attacks to other systems. Cars have an internal computer network, known as a CAN (Controller Area Network) bus. This allows different components to communicate with each other. Chryslers are easier to exploit than other types of cars because of the Uconnect exploit found in 2013-2015 models.
Currently the FTC recommends practicing a layered strategy of defense, "defense-in-depth” as protection against IoT related attacks. Other defense methods include, limiting the points of data collection on the network, not quantifying all IoT devices the same, not using one general IoT security policy, consider all the risks and liability before adding an IoT device. Evaluating IoTs impact on the network’s integrity, is critical to avoiding attacks. Some may also argue that the responsibility of making sure a device is secure lies within the design having proper security at the ground level, as the majority of security measures and strategies cannot negate faulty design. With any of these types of devices, transistor level security should be included in the design or embedded in the processor, in addition to being able to accommodate software updates to stay ahead of malicious attacks.