Pierluigi Paganini January 14, 2014

Internet of Things, a business growing at a compound annual rate of 7,9%, which are the principal cyber threats to the popular paradigm?

Another week is starting and this morning the topic that I’ve found everywhere is Internet of Things (IoT), it is a growing paradigm that will influence our life in the next future, and probably it is already doing it. The Internet of Things, as explained in a previous post, refers all objects in daily life equipped with identifiers that allow their automatic inventory. Tagging of the Internet of Things could be achieved with various technologies such as the RFID, NFC, digital watermarking, QR code and muck more.
Unfortunately the rapid diffusion of the The Internet of Things technology is not accompanied by a rapid improvement of efficient security solutions for those “smart objects”.

Cybercrime is aware of the delay in securing The Internet of Things and it is expected an explosion of cyber attacks against a technology still helpless. The Internet of Things is a business opportunity for security firms and a great invention for every industry, everyone could benefit from their adoption, but we must carefully evaluate the cyber threats and the level of exposure of data managed by such useful devices.

Which are principal cyber threats that threaten The Internet of Things? I’ve found an interesting post by Symantec that identified the following potential risks

• Denial of service – DDoS attacks could target all the end points of a working scenario, the offensive my cause the block of the network of network of smart devices paralyzing the service it provides.
• Botnets and malware based attacks – Malware could be used by hackers to target every element of The Internet of Things architecture. A malicious code could be used to infect computers used to control the smart devices or to attack the software executed by the devices to turn them to unplanned use. Recently Symantec security experts have discovered a new Linux worm that was designed specifically to target the “Internet of things” infecting Intel x86-powered Linux devices. Each element of the network could be used to send Spam, to generate costly SMS messages, or indeed participate in a DDoS attack.
• Weakening perimeters – The main problem of Internet of Things paradigm is that almost every physical object was generally not designed to be internet-connected, this consideration has a direct repercussion on the lack of network security that was not considered by design. We must consider that smart meter if hacked could give access to our domestic network, giving a hacker the possibility to spy on us or causing physical damage, for example by altering the operation of an oven or any other appliance, similar problems could be related to any industry.
• Data Breaches – Organisations should be aware of the potential for unintended consequences of IoT use cases. These include potential privacy breaches (for example over-intrusive staff monitoring) and the possibility of ‘gaming the system’, for example customers simply walking through a store to gain loyalty points.
• Inadvertent breaches – Data managed through the Internet of Things could be accidentally lost or exposed. Symantec provides the example the CEO’s car broadcasting its location, but more sensitive information could be leaked from the business environment.

The post avoided to consider device hacking, it could not be ignored the possible hack of these devices to turn them to unplanned use security experts believe that in the next future hackers will exploit new attack vectors from unexpected directions.

It is likely that attackers will migrate consolidated techniques of attack to The Internet of Things, Symantec experts according the post has no doubts

“We will no doubt see new variations on themes such as ‘man in the middle’ or ‘watering hole’ attacks, this time targeted at information flows from physical objects rather than people and their computers.”

Pierluigi Paganini

(Security Affairs –  Internet of Things, cyber security)