WaterGateway: The leakiness of the IoT is a scandal waiting to happen

Nick Booth

The Internet of Things (IoT) has security shortcomings that would shock the world if they were exposed – and if the mainstream media understood them. That’s the startling conclusion that freelance technology writer, Nick Booth has come to.

Unsecured devices offer unlimited entry into every critical network that runs the world. Whether they run agriculture, infrastructure or casino banking, those global village IoTs are leaking information like a sieve. You don’t need to hack a Las Vegas Casino’s accounts via the connected fishtank. Most criminals know that if they put a wire on an IoT gateway, it’ll soon sing like a canary.

We’re only two or three global disasters away from the mainstream media taking note.

In keeping with tradition the press would dub the cover-up controversy the ‘WaterGateway Scandal’. We don’t have much time to secure the IoT. Someone needs to do something.

Heavy investment

So, well done Cisco and BT, who are investing heavily in partnerships between scholars and start-ups that aim to solve the IoT’s security problems.

Three projects in particular have been recognised by Innovate UK, the British government body that channels ideas and investment to the right areas of the tech sector as part of its industrial strategy.

Three projects identify different types of IoT gateway as areas that need improvement.

When there are so many weak links in the chain, why address the gateway? It’s our best hope, explains a spokesperson for the CyberStone project. This is a collaboration between Cisco, BT, trade body The Internet of Things Security Foundation, the University of Oxford, the Techworkshub and artificial intelligence start up NquiringMinds. When you bring together such different cultures, you have to start off thinking about practical ways to concentrate minds.

The horse has bolted

“For technical and pragmatic purposes, securing the IoT endpoint is impossible, because that horse has already bolted,” explains the speaker. The gateway is an essential component of most IoT installations and provides a unique management node through which you can monitor, analyse and mitigate risk across every device and network.

At the same time, any deep IoT security endpoint invention will need something similar at the IoT gateway before it can work to full effect. So it makes sense to start with the gateway. Perhaps later the innovations will fan out across the network to endpoints and all the extremities.

Cyberstone aims to run processing at ‘the edge’ where it will analyse IoT device behaviours. The conclusions of this analysis will automatically be used to calculate risks associated with the apparent behaviour of all devices.

Security response service

By applying a mix of statistics, pre-calculated strategies and ‘full blown AI’ it aims to create an automated security response services running in the cloud. This runs in tandem with local analytics and, ultimately, it helps to obviate risk and to spread the responsibilities out to all players involved in the IoT. Cisco alone has spent £500,000 (€554,000) on this project.

Meanwhile, over at the University of Warwick, they are striving to create a blockchain/machine-brain hybrid that can adapt and survive the problems created by DDDs (dumbly defaulted devices). As with anything that uses machine learning and creates a sort of organic response from inanimate objects, it’s hard to summarise this simply without sacrificing some of its potency and relevance.

My interpretation of the project is this: They are striving to invent the world’s first intelligent gateway router. It will be so discerning that it will somehow know the ID of good devices and spot those that have been tampered with.

BT and Cisco have invested extensively in this, possibly because there is an immediate commercial use for this blockchain system. Water companies could use it to identify and cancel out waste, and in the UK there is an immediate need to lower the consumption of water per subscriber. Londoners, for example, need to drop their consumption from 150 litres of water per person per day to 118. That’s not going to happen unless Thames Water can make some intelligent interventions.

Finally, there’s the UltraSoc, which is an attempt to stop hackers causing havoc with connected and autonomous vehicles (CAVs). The self-driving car is so insecure it’s like a neurotic robot on wheels. Ever since some security researcher at Twitter hacked into a Jeep and published the results, people have become very nervous about CAVs.

The Twitter show-off boasted how he’d remotely twiddled a Jeep’s radio volume knob, pulled the steering and stamped on the brakes. As news about this spread, this encouraged the hacking herd and now they’re all at it, meaning that every OEM (original equipment manufacturer) has been cyber attacked.

The resulting confidence crisis could lose car makers a collective £26 billion (€28.8 billion) annually, says Upstream Security.

Calm could be restored with Systems-on-chip (SoCs) which integrate all the computing components that power today’s CAVs operating within a digitally-connected societal framework via the IoT. If the inventors (Ultrasoc, Copper Horse and the Universities of Southampton and Coventry) can pull this off, there will be high stakes to play for.

Let’s hope any gateway break-ins can be averted. Those intruders need nixin’.

The author is freelance technology writer, Nick Booth.

 Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Infineon and Rainforest Connection create real-time monitoring system to detect wildfires

Posted on: October 22, 2021

Munich and San Jose, California, 21 October, 2021 – Infineon Technologies AG a provider of semiconductors for mobility, energy efficiency and the IoT, announced a collaboration with Rainforest Connection (RFCx), a non-profit organisation that uses acoustic technology, Big Data and Artificial Intelligence / Machine Learning to save the rainforests and monitor biodiversity.

Read more

Infineon simplifies secure IoT device-to-cloud authentication with CIRRENT Cloud ID service

Posted on: October 21, 2021

Munich, Germany. 21 October 2021 – Infineon Technologies AG launched CIRRENT Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication. The easy-to-use service extends the chain of trust and makes tasks easier and more secure from chip-to-cloud, while lowering companies’ total cost of ownership. Cloud ID is ideal for cloud-connected product companies

Read more