The internet is abuzz with exciting innovations in technology, its minimization, automation capacity and the myriad re-applications of older technologies now enhanced with modern communications advances. But this comes with significant security concerns, as now most of our devices, appliances and even light-bulbs are becoming internet-facing liabilities. Cars, pacemakers, heart-monitors, webcams, smartphones, GPS and wireless access-points are just a few technologies that today raise serious privacy/security concerns amongst professionals and well-informed users.
Recent reports are showing foreign attacks and stress tests probing US infrastructure, with US Intelligence officials stepping up their warnings and highlighting issues many security experts have previously noted for years. In a nutshell, our cybersecurity measures, since the start of Industrial IoT, have not kept pace with the internet driven revolution unfolding before us.
With IoT the standard has been focused on competitive pricing and usability, often dedicating little resources for long term device security, rarely using industry standards or poor implementations. Startup-like IoT companies tend to overlook important security aspects of new devices like: the initial setup/provisioning process, default configurations and providing consistent firmware patches and software updates for their foreseeable lifetime.
4.Device Hijacks and PII-based Attacks (Personally identifiable information)
The Internet of Things is changing society by leaps and bounds, with thousands of internet-based services and devices only a tap or swipe away. AI powered Self-driving cars, personal assistants, Smart phones and other smart “things” (Washers, refrigerators, TV’s, kids toys) all face hundreds of probes and attacks each day from hackers looking for vulnerabilities and ways into otherwise secure networks.
Nowadays people rarely have time to think about all of the security implications in services like ride sharing, fitness tracking with regards to privacy and security. Just take a little time and think about how with a little motivation, systems can very easily be abused and used in ways providers never intended, often to the detriment of others. With shared rides for example, specific users can be targeted using a little information of their schedule and brute forcing methods like simply placing compromised uber drivers around the general area. Autonomous vehicles may even become prime targets for hackers and criminal enterprises after high-profile targets. Even for the layman, targeted social engineering hacks and brute force methods could easily land you a compromised uber driver within your vicinity, who can then leverage your habits, whereabouts and personal devices for further exploitation.
3.Attacks through social media, messaging and news outlets
The IoT is much more than just for streaming media, empowering services and easing everyday life. Modern devices are often equipped with diverse sensory capabilities that allow advertisers and third-parties to use this date for accurate prediction on habits which can be corroborated with other data acquired through online queries. Think of this attack as a more sophisticated, long-term version of the PII attack show previously, but with much more subtle long lasting, wide-reaching impacts on our everyday lives.
An example of this attack used to great effect and advantage where multimillion-dollar Ad campaigns that utilized treasure troves of personal data to intelligently modify advertisements on-the-fly for political outreach the 2016 U.S presidential elections. Though impossible to quantify the direct impact of such well-targeted and personalized campaigns optimized through big data farming and AI, the days of blanket advertising and gambling on awareness efforts are all but over. Among media and marketing experts there is no doubt as to the cost-effectiveness of these personalized outreach methods and how impactful these intelligent campaigns tend to be.
2. Attacks on interconnected services
Perhaps the most obvious and proven pitfall of cheap IoT devices, is their susceptibility to malware, especially botnets trawling the internet for devices to assimilate. For an example on how devastating attacks on communications infrastructure and services can be, there’s already real-world cases showing what happens if services are throttled in critical networks used by first responders. Imagine a case where massive IoT coordinate an attack on telecommunications infrastructure combined with targeted attacks on physical infrastructure.
A great example of the level of impact a massive attack can have is the massive (over 100,000 compromised IoT devices) sustained DDoS attack on Dyn, which affected large portions of services on the internet. Attacks on critical internet service providers are especially effective, as shown in the Dyn attack (they are a principal registrar and provider of domain name servers). DNS’s are a vital component of the internet today that translates human-readable names such as google.com or cnn.com into specific network addresses and ports computer systems understand, ex: 123.456.789.0:5555.
1. Attacks on critical infrastructure
When it come to cyber security, the raw numbers point a bleak picture, with only $8.5b USD (only a 4.9% increase from last year) being dedicated towards cybersecurity out of the total $686.1b USD defense budget set for 2019 (a 14% increase overall). Ongoing intelligence reports warn and point towards cyber security as the new encroaching war front, and is now seen by most as an effective method of furthering international politics and agendas. This method of cyber-warfare is being touted as the new battleground, and many estimate within 10 years the majority of resources, efforts and impacts from foreign adversaries will be propagated through the internet and compromised systems.
Today, more and more of the critical infrastructure is being powered by the Industrial Internet of Things, with power plants opening up internet facing services fo access to things like smart E-meters and home automation. Imagine the devastation things like domestic terrorism can have when combined with other types of cyber attacks on critical infrastructure and supporting emergency services . Damaging power grids and communications can create many life-threatening situations or in the case of emergencies thing like critical healthcare, exacerbate them to life-risking levels.