Information Systems Integration – Tony Messina

Security of the Internet of Things

A big concern when using IoT devices is security. Hackers are always searching for new exploits, and vulnerabilities in things like wireless protocols can lead to the hacking of IoT devices such as Phillips Hue.

From the article:

“Researchers from the Weizmann Institute of Science and Dalhousie University were able to execute the chain-reaction attack by exploiting a vulnerability in the ZigBee wireless communications protocol, a widely used home automation protocol found at the core of millions of today’s most popular smart home devices — Philips Hue lighting is just one example. The infected payload was delivered by exploiting a weakness in Philips’ encryption to force an over-the-air firmware update using an “autonomous attack kit” built from “readily available equipment” costing just a few hundred dollars. In other words, anyone with the knowledge and motivation could execute a similar attack.”

As building a “smart home” becomes more and more popular, what types of risks do you think these types of vulnerabilities could lead to?

 

Source (https://www.theverge.com/2016/11/3/13507126/iot-drone-hack)

2 Responses to Security of the Internet of Things

  • I definitely think that one of the most prominent risk is the mobile interfaces that consumers use to control their IoT devices, specifically among the population of users who aren’t technologically inclined and who don’t understand basic security protocols. We hear of malicious files or softwares being downloaded onto personal computers (see Chris Rosentreter’s post about CCleaner) quite frequently. But finding out that you are affected by the malware and actually taking the steps to resolve the issues are vastly different.

    With the Equifax breach still in the minds of millions of Americans, the information that was potentially stolen is incredible (i.e. social security numbers, date of births, driver’s license numbers, credit history, etc). I can only imagine the the type of information gathered by IoT devices in your home (i.e. your climate preference, contacts, account passwords, device usability statistics, etc) pose a much less, but still prominent, threat.

    I don’t anticipate IoT threats risks becoming mainstream within the next 5 years, but after that it’s anybody’s guess.

  • More and more technology companies released their smart home products. Most recently, Amazon released a smart home product call “Echo”; Google released their Google smart home product; Also, Boss as a sound and video company which released their music smart home product. A smart home product can be a trend in the future. But, it also will bring a risk with those technologies. Hackers can simply attack a smart home product. For example, a hacker can monitor smart home camera which vulnerabilities in wireless protocols. Therefore, Amazon Echo allows users to communicate with Amazon’s assistant Alexa through a bone-conduction audio system. Customers can purchase products in the Amazon via Amazon Echo. Generally, customer’s credit card information stored in the Amazon. Once hacker attaches wireless protocols, they can use your account to purchase products in the Amazon.

Leave a Reply

Your email address will not be published. Required fields are marked *