The security problem in Internet of Things

Internet of Things (IoT) is a collective term for the evolution in which machines, vehicles, buildings, household appliances, clothing, furniture, watches and other accessories, as well as everyday objects and even our own bodies, can be equipped with small, built-in sensors. This enables the devices to perceive their surroundings, communicate with it, collect data and create behavioral patterns that are situational. Thus, the gadgets can ideally help to create smart, attractive and helpful goods, environments and services. Some everyday examples are e.g. activity bracelets and self-driving cars.

The big difference between Internet of Things and the previous networked technology is that IoT uses much more equipment than its predecessors. The worldwide number of IoT-connected devices is projected to increase to 43 billion by 2023, if we are to believe an article written by McKinsey & Company in July 2019 (McKinsey 2019). The amount of equipment Internet of Things uses is huge and the potential for trouble also grows as the number of devices increase further.

When devices have an online connection, and when they are equipped with data-collecting sensors, such as a microphone and a camera, they give way for an increased attack surface. Intelligent houses, smart grids, and digital assistants sound great, but the downside is the risk of data breaches in elevators, geothermal pumps, air conditioning systems, surveillance cameras, refrigerators, baby monitors, TVs, coffee makers, lamps…

Take, for example, the botnet named Hide and Seek. It uses advanced communication techniques to exploit smartphones, routers, and cameras for criminal activities. The botnet infected tens of thousands of devices in a couple of days following its launch, according to cybersecurity company Bitdefender (Bitdefender 2018). With this in mind, we are forced to accept that potential denial-of-service attacks carried out by IoT equipment will disrupt our communities and our everyday lives for a very long time to come because of one single botnet.

So, the question is: why are we not doing anything about it? Well, in order to achieve better security, it must always be built in from the scratch. Maintaining safety also requires continual maintenance, as well as more or less regular updates. All of this comes at a cost, and in order to drive down the prices of the various connected devices, it can be very tempting for manufacturers to omit or be slightly careless with the safety aspects.

Well yes, but what could we do then? In order for Internet of Things to function better and more securely, safety, reliability and fault tolerance must be given higher priority already at the design stage. Many connected devices are expected to work for decades, making the security issue all the more important.

When dealing with security issues one must always ensure that the safeguards reach the potential level of risk. Internet of Things is a central part of the ongoing digitalization of society and it brings many positives, but IoT also raises questions about security, and we – both manufacturers and consumers – need to become much better at taking care of it.

Centria is a part of the SIFIS-Home project that combines 12 European leading industry players in the IoT, telecommunication, standardization, and cyber security with research and academic institutions. The project aims to provide a secure-by-design and consistent software framework for improving resilience of Interconnected Smart Home Systems at all stack levels. SIFIS-Home has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement Nº 952652.