Holey IoT!

InfoComm is rapidly approaching and I am sure that there will be many gizmos and gadgets that are IoT ready as offerings in both consumer and commercial technology continue to explode in the market. The Internet of Things (IoT) play space has been promising, and delivering, on new and exciting ways to engage with customers, clients and drive both business and personal relationships to never-before seen heights. As you peruse the show floor or get inundated with marketing material flooding your inbox or snail box, pay attention to one of the least thought about complexities of this multi-faceted world – security.

Because this market has hit a fever pitch, not all manufacturers apply the same rigor to security as one would hope.  Most these players are well meaning while scrambling to not be left behind and there are the occasional bad actors who intentionally leave holes in their products to be exploited later (for either good or nefarious reasons). IoT presents a multi-pronged threat that can open the end user to a breach that is annoying at least and catastrophic at worst. It also opens manufacturers up to liabilities and bad publicity that can derail a fledgling company or give a good black eye to a larger one.

Quite often these security holes leave the users networks vulnerable and a VPN is not necessarily the best way to combat this. These vulnerabilities can be exploited by a bad hombre close to the Wi-Fi network using straightforward gear and programs to find a way in and then take control of your IoT gadgets such as your thermostat, smart lighting or other devices and lock you out turning around a ransom to let you back in. These holes can also be exploited to get behind firewalls and into your important networks taking over computers. Locking down a computer for ransom or even taking them over for a Distributed Denial of Service (DDoS) attack on other websites or providers.  We saw how this can wreak havoc when Dyn was hit like this effectively shutting down Amazon, Twitter, and others.

Part of the challenge lies in the way the data is (or isn’t) encrypted thereby allowing for those who would do harm to sniff out these openings and gain access. For example, once an opening in a device that can send emails or text messages to a real human, the data stream that generates that message can be laced with a virus or password capture that then opens the front door to the would-be hackers. This “Man-in-the-middle” approach does not require a person to be in proximity to the Wi-Fi network once the password is obtained.

See also  Friction, SB-327 and Zoom's Terrible, Horrible, No-Good Week

Why thinking of security is even more critical now and in the future, is based on where this industry may be headed.  As the Amazon Echo, Google Home and other Voice Command and Control (VCC) devices become ubiquitous in our everyday lives, we will see an explosion of these VCC containers leveraging multiple microservices working across a distributed network. As the VCC platforms continue to get smarter reaching SkyNet proportions, cloud-based architecture and services can catastrophically propagate unknowingly vicious attacks at a global scale.  Think shutting down entire cities via IoT devices.

Additionally, we expect to see the first products built on a smart contract blockchain technology currently being prototyped in financial markets to allow autonomous distributed transactions. Security concerns could shut down entire financial markets.  This will be coupled with the need for new wireless distribution technologies to carry this and other IoT device’s data including Small-burst packets, dense set connections, or over long distance. Already we are looking at LoRaWAN, 3GPP NB and ATT’s LTE-M to carry the load along with other mesh-network technologies.  If you remember the days of the Heartbleed or Crypt viruses that exposed and used the open source vulnerabilities of networks, then you have some sense of this.

Current markets and those with the largest predicted growth include transportation, security and surveillance, asset management, retail, inventory control, and sustainability products. Hackers will continue to exploit IoT technology to gain mass notoriety and cause the most amount of damage not just turn your refrigerator off to spoil your pot roast.
Where the biggest concern is in the fact that there will be new categories of IoT devices that work at a micro-scale but have reach to the greater network. These new devices and categories will come faster, in my opinion, then upgrades or replacements to existing products that benefit from second generation security enhancements.

So, if you are going to InfoComm, check out the IoT booths and some of the great seminars being presented on this very subject. But be warned — you might not sleep at night.

Editor’s note: Check out our piece on what AV integrators should know about WannaCrypt.