Internet of Things (IOT)
The internet of things,
or IoT, is a system of interrelated computing devices, mechanical and digital
machines, objects, animals or people that are provided with unique identifiers
(UIDs) and the ability to transfer data over a network without requiring
human-to-human or human-to-computer interaction.
A thing in
the internet of things can be a person with a heart monitor implant, a farm
animal with a biochip transponder, an automobile that has
built-in sensors to alert the driver when tire pressure is low or any
other natural or man-made object that can be assigned an IP address and is able
to transfer data over a network.
History of IoT
Kevin Ashton,
co-founder of the Auto-ID Center at MIT, first mentioned the internet of things
in a presentation he made to Procter & Gamble (P&G) in 1999. Wanting to
bring radio frequency ID (RFID) to the attention of P&G's senior
management, Ashton called his presentation "Internet of Things" to
incorporate the cool new trend of 1999: the internet.
The first
internet appliance, for example, was a Coke machine at Carnegie Mellon
University in the early 1980s. Using the web, programmers could check the
status of the machine and determine whether there would be a cold drink
awaiting them, should they decide to make the trip to the machine.
IoT evolved
from machine-to-machine (M2M) communication, i.e., machines connecting to each
other via a network without human interaction. M2M refers to connecting a
device to the cloud, managing it and collecting data.
How IoT works
An IoT
ecosystem consists of web-enabled smart devices that use embedded processors,
sensors and communication hardware to collect, send and act on data they
acquire from their environments. IoT devices share the sensor data
they collect by connecting to an IoT gateway or other edge device where data is
either sent to the cloud to be analyzed or analyzed locally. Sometimes, these
devices communicate with other related devices and act on the information they
get from one another. The devices do most of the work without human
intervention, although people can interact with the devices - for instance, to
set them up, give them instructions or access the data.
Benefits of IoT
The
internet of things offers a number of benefits to organizations, enabling them
to:
·
monitor their overall business
processes;
·
improve the customer experience;
·
save time and money;
·
enhance employee productivity;
·
integrate and adapt business models;
·
make better business decisions; and
·
generate more revenue.
Consumer and enterprise IoT applications
There
are numerous real-world applications of the internet of things, ranging from
consumer IoT and enterprise IoT to manufacturing and industrial IoT (IoT). IoT
applications span numerous verticals, including automotive, telecom, energy and
more.
In the
consumer segment, for example, smart homes that are equipped with
smart thermostats, smart appliances and connected heating, lighting and
electronic devices can be controlled remotely via computers, smart phones or
other mobile devices.
Wearable
devices with sensors and software can collect and analyze user data, sending
messages to other technologies about the users with the aim of making users'
lives easier and more comfortable. Wearable devices are also used for public
safety -- for example, improving first responders' response times during
emergencies by providing optimized routes to a location or by tracking
construction workers' or firefighters' vital signs at life-threatening sites.
Common
Cyber Attacks in the IoT
Many types of attacks have been around for a very long time.
What’s new is the scale and relative simplicity of attacks in the Internet of
Things (IoT) – the millions of devices that are a potential victim to
traditional style cyber attacks, but on a much larger scale and often with
limited, if any protection. At its core, IoT is all about connecting and
networking devices that up until now have not necessarily been connected. This
means that all of those devices, whether it is your brand new connected
refrigerator or your connected vehicle, are creating a new entry point to the
network and therefore posing an increasing security and privacy risk.
Ø Botnets
A botnet is a network of systems
combined together with the purpose of remotely taking control and distributing
malware. Controlled by botnet operators via Command-and-Control-Servers
(C&C Server), they are used by criminals on a grand scale for many things:
stealing private information, exploiting online-banking data, DDos-attacks or
for spam and phishing emails.
Ø Man-In-The-Middle
Concept
The man-in-the-middle-concept
is where an attacker or hacker is looking to interrupt and breach
communications between two separate systems. It can be a dangerous attack
because it is one where the attacker secretly intercepts and transmits messages
between two parties when they are under the belief that they are communicating
directly with each other. As the attacker has the original communication, they
can trick the recipient into thinking they are still getting a legitimate
message. Many cases have already been reported within this threat area,
cases of hacked vehicles and hacked "smart refrigerators".
Ø Data & Identity
Theft
While
the news is full of scary and unpredictable hackers accessing data and money
with all types of impressive hacks, we are often also our own biggest security
enemy. Careless safekeeping of internet connected devices (e.g. mobile
phone, iPad, Kindle, smartwatch, etc.) are playing into the hands of malicious
thieves and opportunistic finders.
IoT
security and privacy issues
The internet of things
connects billions of devices to the internet and involves the use of billions
of data points, all of which need to be secured. Due to its expanded attack
surface, IoT Security and IoT Privacy are cited as major
concerns.
One of the most
notorious recent IoT attacks was Mirai, a botnet that infiltrated domain name
server provider Dyn and took down many websites for an extended period of time
in one of the biggest distributed denial-of-service (DDoS) attacks ever seen.
Attackers gained access to the network by exploiting poorly secured IoT
devices.
Beyond leaking personal
data, IoT poses a risk to critical infrastructure, including electricity,
transportation and financial services.
Internet of Things Investigations
Any
investigator will tell you that digital evidence is good as long as you can
associate a user behind the information. The user profile created with the
application, as well as the historical data from the device’s purchase record,
could be used to strengthen the identity of the user of the wearable.
Hypothetically, a gold mine of digital evidence, in this case, would be found
in the legal collection of the iOS or Android device associated with the user.
Should an
investigator have access to the app, it would be easy for him/her to identify
your items’ last locations and potentially your current or last location. Other
real-time GPS locators are also available in the form of a ring that will
display text messages, phone numbers and contact names.
For an
investigator, the ultimate properties of IoT devices are their
interconnectivity and sometimes a distinctive connection to the Internet. To
achieve this type of communication between IoT devices, an investigator will
have to become familiar with the IFTTT (“If This Than That”) platform, which is a free
web-based service allowing users to create chains of simple conditional
statements called “recipes” that are small programming “IF” statements
controlling your IOT devices.
Simple Steps To Protect Yourself
From IoT Security Threats
One factor which is often overlooked by
tech and gadget enthusiasts frothing at the mouth with excitement over the
incoming surge of intelligent, connected home devices is security.
Ø Users
should always change the default password on connected devices. Always, and
with no exceptions.
Ø Read
the terms and conditions. Yes, its painful, but these should help you
understand what data is being collected and what therefore what threats might
exist.
Ø This
might sound like it defeats the purpose of a smart home… but think about how
connected you need to be. The more devices you have connected, the more ways
there are for hackers to get into your home.
Ø Keep
the software updated on all your connected devices. It’s the only way to make
sure the vendor is providing bug fixes. If your device hasn’t been updated in
several months this could be a red flag – is the vendor still in business? Who
is making sure the device is still secure?
No comments:
Post a Comment