Internet of Things: it’s time to safeguard our future

Asaf Ashkenazi of Rambus

Artificial Intelligence (AI) and the Internet of Things (IoT) are set to revolutionise the way we live, work and play. Everyday items in the home will be connected in unprecedented ways and tasks traditionally carried out by humans will be replaced by automation and robotics. This promises to make the planet more sustainable, and the increasing population more manageable. The reality is that this ideal is being threatened every day.

Over the past five years, there’s been an exponential rise in data breaches and cyberattacks that costs upwards of £11 billion annually. The UK government released a report that confirmed nearly half of British firms have been impacted by a cyberattack in the past year and any organisation that holds consumer personal data is at an even greater risk. Despite increased investment in cybersecurity measures, the advent of IoT and AI introduces a new set of vulnerabilities, says Asaf Ashkenazi, VP, IoT Security Products at Rambus.

In recent months, malware such as Mirai, Brickerbot, and Hajime have emerged, targeting personal information on unsecured IoT devices and exploiting them for fraudulent transactions or identify theft. Smart home devices, new healthcare technology, and driverless cars are just some of the latest innovations being impacted by such vulnerabilities.

Recently a weakness was found in LG’s SmartThinQ, a home network solution that enables users to control home appliances with smartphones or voice-activated devices such as Amazon Alexa and Google Home. If exposed, an attacker could take over the account of a legitimate user, gaining access and control of their home appliances. SmartThinQ has been built into multiple LG appliances and products. This significantly raises the security stakes in the home as devices with remote-monitor cameras, for example, could be used for surveillance in the home or workplace.

Similarly, Abbott’s pacemakers were recalled recently by the American FDA, as a vulnerability was detected in the software. If exposed, attackers could drain a pacemaker’s battery life, change settings and even alter the rhythm of the device. Over 400,000 users were urged to go to the hospital to receive the software update as a result.

These examples illustrate the tangible risks associated with releasing unsecured IoT services and devices. As digital innovation rapidly evolves, devices are becoming potential targets for cyber criminals with malicious intent. Service providers and OEMs must take this security seriously, however this goes hand-in-hand with the evolution of existing security solutions. Solutions must place an emphasis on minimal cost and time-to market impact, to ensure wide industry adoption.

 

With IoT spending set to hit $840million (€712.92 million) by 2020, it’s easy for organisations to be overwhelmed by where to start. The most effective IoT security strategy is one that does not negatively impact profitability or a device’s release time. Before deciding on an IoT security solution for any business, it’s important to understand the core elements that make up a quality service.

The following three features are an ideal place to start:

Prevention

Protect services, endpoints and information using cryptography, and standardise security protocols and best practices. Strong device authentication to ensure only authorised and approved devices can access services; robust service authentication, to ensure endpoints can only be accessed by a legitimate service; data encryption to protect users’ privacy; and disablement of unnecessary remote communication protocols, are just few examples.

Early detection

No solution is 100% secure. When it comes to IoT, endpoints often have limited memory, CPU power and battery which can result in limited security. Real-time detection of infected devices allows companies to react quickly to an attack, thereby limiting the number of compromised devices. Early detection can be implemented by analysing anomalous device behavior. IoT endpoints behavior tends to be relatively predictable, which makes them ideal for detecting attacks through behavioral analyses. Sophisticated machine learning techniques can be leveraged to reduce false positives and automate the different devices behavioral learning process.

Recoverability

Many IoT devices are expected to be in service for many years. Moreover, they might be deployed in places with limited physical access, or operated by users with limited technical expertise. In the unfortunate event of an attack or the discovery of a new system vulnerability, the ability to quickly, efficiently and automatically patch devices is crucial to limit device abuse or service disruption. Over the air (OTA) updatability, where device credentials and security updates are pushed to the device automatically via the internet, is the fastest and most efficient way to provide in-field recoverability.

With half of the world’s population now online, the threat landscape will continue to evolve as more devices become connected. Security needs to be built into the fabric of every service provider and OEM’s design process to ensure products come to market with consumer safety in mind. This shift cannot come from individual businesses, the industry needs to collectively champion IoT security.

The author of this blog is Asaf Ashkenazi, VP, IoT Security Products at Rambus

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Fuzzy Logic raises €2.5mn to put robots in the hands of operators

Posted on: September 21, 2021

The Franco-American start-up Fuzzy Logic announces a €2.5 million seed round of financing from two European DeepTech funds: 42CAP, an industry-specialised German fund based in Munich, and Karista (via the Paris Region Venture Fund), an early-stage VC firm based in Paris.

Read more

US businesses show IoT investment resilience, despite pandemic

Posted on: September 20, 2021

Despite the adversity caused by the COVID-19 pandemic, grounds for optimism remain for IoT spending in the US.

Read more