If you think that the only devices you own capable of connecting to the Internet are your laptop, cellphone, and television, then you haven't been paying close enough attention. A fairly recent technological concept could completely change how we consider how the Internet impacts our lives in just a few years. However, based on early research, this technological breakthrough could have severe ramifications in regards to security.
The concept is known as the "Internet of Things" (IoT). The concept is simple, even if it might seem a little odd at first glance: with IoT technology, any device with an on/off function can wirelessly connect to the World Wide Web. That means common household devices such as a toaster or electric toothbrush could theoretically have Internet access. This concept goes beyond common appliances such as those; it can even apply to formidable pieces of machinery such as airplanes and bulldozers. It is estimated that by 2020 there could be anywhere between 26 billion and 100 billion devices able to connect to the Internet via IoT technology.
Why the desire?
You might be wondering why so many more devices would need Internet access, and the reason is simple: making our lives simpler. The Internet connectivity of devices, like an electric toothbrush or toaster, could mean devices communicate between each other via cloud technology and sensors, thereby functioning to their fullest and fastest capabilities. Your Wi-Fi capable smoke detector could send an alert to your laptop notifying you that your batteries are about to die, and that's just a relatively modest household accomplishment. With IoT technology, "smart cities" could take on a whole new meaning, with interconnected communication spanning across metropolises and their round the clock needs, from transportation to pollution control.
What's the risk?
People are already concerned about network security when it comes to devices such as their computers and smartphones; when that spans to every device they and everyone else owns having Internet access, it is understandable where the anxiety sets in. Furthermore, there has already been testing of devices with IoT capabilities, and the chances of being compromised are quite strong.
At HP Fortify, researchers discovered that in a sample group of 10 devices, 250 vulnerabilities were discovered. This sample included common household items such as sprinklers, garage door openers, and webcams.
Of the sample group of ten, seven of the devices revealed who the device users were when they were combined with cloud and mobile apps. Nine of them were able to receive at least one piece of personal data about the user, and six of them were at risks for attacks such as a persistent XSS. It can be enough of a hassle for users to try to defend one or two devices against hackers; the thought of having to protect every device might be too much to handle, especially for business owners who would have to deal with insuring a business when the entire company could be compromised by savvy hackers.
Hope for the future
Those involved in IoT technology are aware of the problems that have been presented and are working against them. The study was lead by Daniel Miessler, practice principle for Fortify on Demand at HP Fortify. Miessler says that a sizable percentage of the vulnerabilities that came to light after testing were not reoccurring. According to Miessler, there is a great deal of complexity with the process, due to devices, networks, and authentication all intermingling.
"If you're not looking at the big picture, you're missing a lot of stuff," Miessler said.
Miessler and other researchers are working together on the OWASP Internet of Things Top Ten Project, a means of focusing on the top ten security problems with IoT devices and dealing with them in the best way possible so that our world can be connected without being compromised.