Has your fridge or TV been compromised?
The Internet of Things (IoT) is a “buzz phrase” in our industry at the moment. What does it mean and will this latest technological advance brighten our lives?
Let’s start with a typically technical definition from technology research company Gartner: the Internet of Things “is the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.”
Or more simply, IoT is a way for everyday objects to talk to each other and to talk to us. These objects contain embedded technology such as sensors that allow them to detect predetermined information and wi-fi that allows them to communicate this to the outside world.
IoT is already well-established in industry and manufacturing, where major efficiencies are being gained through improved equipment monitoring and automatic reporting or enhanced stock control regimes for example. Now, we are beginning to see IoT products more widely used in a domestic context as “smart appliances” become more readily available.
One of the most widely advertised examples in the UK is Hive Active Heating, currently being promoted by British Gas, which allows you to control your heating and hot water remotely from your smartphone, tablet of laptop. There are other similar remote thermostat devices out there, and you can now remotely control your lighting, your oven and have a smoke detectors that alert you smartphone if the worst should happen (apparently they can tell the difference between burnt toast and the real thing).
We hear of refrigerators soon being able to text us if we are running low on milk, and that most production cars will one day soon be fitted with equipment to remotely alert dealerships as to their state of health.
When you think of all the products and equipment that we interact with on a daily basis, it’s not hard to see why Gartner predicts that the number of Internet of Things devices could reach 26 billion by 2020 (other sources predict as many as 50 billion). Global revenue from IoT in 6 years’ time is estimated to reach $8.9 trillion, so it is no surprise that there are a lot of companies working very hard to deliver as many devices as possible.
But, as with everything, there is a potential downside. The rush to connect everything to the internet is outpacing our ability to secure all these devices from the dark side of the internet – cyber-attacks.
Back in January Proofpoint, a leading US security provider, issued a press release saying they had
“..uncovered what may be the first proven Internet of Things (IoT)-based cyber-attack involving conventional household “smart” appliances. The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centres, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”
In the same way that PC’s and laptops can be unknowingly compromised and used to launch large-scale cyber-attacks Proofpoint’s findings show that cyber criminals are looking to commandeer smart appliances and other seemingly innocent devices on the IoT.
The attack that Proofpoint uncovered featured waves of malicious email and
“More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centres, televisions and at least one refrigerator.”
The concern is that as the number of these internet connected devices rapidly increases they represent a significant threat, they are easy to penetrate and few manufacturers are taking steps to protect against this threat. Consumers cannot be expected to be overly concerned about their smart appliances security status and anti-malware vendors cannot provide traditional security infrastructure.
So, as your fridge texts you to let you know that your Camembert has gone mouldy, give some thought to who and what it’s emailing!
The full Proofpoint Press Release can be read here