Get ready for the Internet of (hacked) Things
It
has been observed that WiFi (especially public WiFi) and Bluetooth can be
breached imagine a scenario when your alarm clock is connected to the internet,
and accesses your calendar to know when and where the first appointment of the
day is. It simultaneously cross-references that against the latest traffic
conditions, depending on which you can sleep a little longer or wake up
earlier.
The
curtains in your bedroom open, the water heater gets switched on and coffee
gets ready automatically—all this before you even get out of bed.
You
don’t have to worry about your kids brushing their teeth as the toothbrush
sends a message to your smartphone, informing you when the task is done.
And
as you are ready to leave for work, the tracker on your key chain alerts you
about its location.
This
may sound something out of a science fiction movie to some people, but in fact,
is a close reality.
All
this can be possible with the ‘internet of things’ (IoT), where chips and
sensors are embedded in everyday objects, making lives not only unified but
also convenient.
IoT
means that all physical objects will have an internet protocol (IP) address and
get transformed into mini computers.
Right
now, these activities cannot take place as the current version of IP (IPv4) has
run out of unique addresses, making it impossible for devices to be connected
to the internet.
The
solution is IPv6, which will replace IPv4 and increase the available internet
address online.
While
IPv4 can support about 4.3 billion connections; IPv6 can potentially provide a
unique address to every single atom on the planet. With IPv6, all tangible
objects—your lamp, car, television, refrigerator—will become smart objects.
Today,
there are millions of people using multiple wireless technologies, from WiFi to
near field communication (NFC), Bluetooth, radio-frequency identification
(RFID) and others.
Soon,
there will be billions of devices using these to communicate over the internet.
The
downside: all these communication technologies can be hacked. It has been
observed that WiFi (especially public WiFi) and Bluetooth can be breached, and
RFID hacking devices are apparently available on the internet for less than
Rs3,000.
NFC,
which is used for payments, has also possibly been compromised on occasions
with hacker applications such as NFCProxy.
With
more mobile devices enabling mobile payments with NFC, it is likely that
cyber-criminals will increasingly attempt to exploit the security loopholes.
The
IoT can also lead to hardware hacking, which is the use of hardware components
to hack into a device.
Today,
many users are aware that downloading apps from unverified sources or opening
unknown computer files might give their phones a virus, but not many know that
their choice of mobile phone charger can also lead to the same.
It
is said that researchers have already built a hardware virus, embedded inside a
compromised USB charger, which is capable of targeting certain mobile phones by
just plugging in the power chord.
In
2013, it was reported that customs officials (of a particular country) noticed
that a series of electronic consumer goods manufactured (in another country)
contained hidden miniature WiFi chips.
Further
scrutiny revealed that these could spread malware to any open internet network
within 200 metres and were able to “phone home,” relaying secret messages.
So,
imagine protecting a world where every physical object—from pacemakers to
self-driving cars—is connected to the internet and is at the risk of being
hacked from anywhere on the planet.
The
reality is that, in fact, it is impossible. Cautiously speaking, the promise of
the IoT could turn sour, and probably become the ‘internet of (hacked) things’,
which is a hotbed of many malicious opportunities for cyber criminals.
The
IoT and its underlying protocols (which may not be secure) can have the
potential to open a Pandora’s box of security vulnerabilities on an
unprecedented scale.
Constantly
changing technologies can make it tough to secure today’s global information
systems completely. Advancement enables modernisation, but the security of data
and systems is sometimes kept aside during the process of innovation.
Therefore,
it is paramount for the C-suite as well as technologists to consider all
possible security aspects as comprehensively as possible while keeping in mind
any future risks.
After
all, a thief attempting to break into a house will have more options if the
house has more doors and windows, especially if all these are connected to the
internet.
Regards
Pralhad Jadhav
Senior Manager @ Library
Khaitan & Co
No comments:
Post a Comment