Internet of things

[Nom De Plume]

The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
https://en.wikipedia.org/wiki/Internet_of_things

Exchanging Convenience for Security
By Daniel Jetton, VP Cyber Services, OBXtek, Inc.
Prologue
Picture this scenario. Recently, I purchased a smart grill, which automatically starts and heats up via an app I can set on my phone. Additionally, it senses when my food is the correct temperature for retrieval. One day I receive a text message from someone calling himself “Xtrakt0R79”. Xtr@kt0r79 texts me that he has hacked my grill and has fired it up to 500 degrees. The gauge is rapidly approaching the danger zone. I quickly hit another app on my phone, connecting to the Wi-Fi camera on my back patio. I can clearly see the hot grill with heatwaves dispersing in the air above it. The hacker is asking for $75 transferred via bitcoin or crypto-currency to keep from superheating the unit and possibly starting a fire on my patio. I have 20 minutes to comply and 30 minutes to complete the funds’ transfer. What do I do? I should have secured these apps and devices better. Was there a default password I should have changed? Can the hacker access other smart technology in my house? From where will the next ransom request come?

Introduction
The term “Internet of Things (IoT)” is used to describe the increasingly networked machine-to-machine/network-to-network communications that is built on cloud computing and various sensors. The IoT exists in an instantaneous, virtual and mobile environment. The term IoT is sometimes used synonymously with “smart” hardware, describing how the hardware reacts and sometimes anticipates our needs (like turning on the lights or otherwise reacting to voice commands). These smart devices are not equipped with artificial intelligence, but use sensors and commands that automate tasks we humans no longer have time or the inclination to do (Burrus, 2017). The three major drivers of this IoT technology are decreased computing and storage costs, pervasive cheap and tiny sensors, and ubiquitous connectivity (Jontz, 2017). Objects like smart thermostats learn your house habits to adjust temperatures that keep you most comfortable when home and save money when you are not. Smart lights may go off when they sense no movement or have reached a programmed time. They may also turn off when you press a button on your phone or use a voice command. Between you and the smart device exists a network and internet cloud that decipher and transmit the data from sender to receiver.
The cleverest part of the Internet of Things is not necessarily that you can tell devices to do things, but that device can tell you things. A moisture detector can alert you to a flooding basement via your phone. Smart cement can detect warps, cracks and stress fractures on bridges and roads and automatically notify authorities to prevent a calamity. Similar sensors on your car can detect ice on a sloped road and automatically slow your vehicle (Burrus, 2017). In traffic, anyone with the Waze application on their smart or tablet device can use the GPS and algorithm (and network of users) to determine the fastest way home.

In 2016 the IoT market generated $1.39 billion with a forecast of generating $74.53 billion by 2025. Largely due to global distribution and growing internet availability, the demand for connected devices will increase while the cost of sensors, sensor technologies, and high-speed internet will decrease. The only thing slowing the growth will be a shortage of IoT expertise and trained workers along with a lack of universally accepted standards and protocols (Inkwood, 2017). Polling 5000 enterprises globally, an AT&T Cybersecurity Insights Report found that 85% of enterprises are either currently using or planning to adopt IoT hardware, yet only 10% are confident they can secure these devices (Meola, 2016).
Always On: Part of the Collective

Virtually every household item has the potential to become connected to the internet in the next few years. Turning a “dumb” device into a smart one will be financially inconsequential as processors become a commodity. This could result in a flood of smart devices that have little to no value to the consumer. These smart devices would instead be produced as a way to harvest data, analytics, and information for the manufacturer. Data is a much sought after commodity that can be used by the manufacturer or resold on the marketplace. Mikko Hypponen, chief research officer at F-Secure, foresees kitchen appliances collecting data to monitor repairs and broadcast their location. Location data can help marketing and sales by focusing on advertising (unbeknownst to the owner). With upcoming 5G wireless service, these devices may not even need a home Wi-Fi to communicate worldwide. Just as computer-controlled vehicles are commonplace in the automobile market; soon you likely won’t be able to purchase a device without IoT connectivity. Darren Thomson, CTO & Vice President of Technology Services at Symantec, agrees that companies are asking if they can produce IoT devices instead of if they should. Businesses across the globe are racing to digitize what they do and connect what they have in order to collect data from what they have to sell. Further, patches and updates work for items that can be completely shut down and rebooted, but cars, buildings, pipelines, power plants, and cities have little or no downtime.

The danger of using these IoT items is that we become used to them and forget they are always on, always collecting data (Palmer, 2017). The emergence of the data economy will further promote the use of connected devices and the data they produce. This emergence will give big companies like Amazon, Apple, Facebook and Microsoft distinct advantages and power. Algorithms can be implemented to predict when hardware needs servicing when a person is at risk for a disease or is ready to buy a product.
Access to this data also gives an advantage over rivals and startups. By tracking “big data”, large companies will be able to know new trending products and services as they happen, giving them the opportunity to copy or purchase an upstart before it becomes a threat (Economist, 2017). As data of the 21st century become what oil was in the 20th century, companies will be staking their claims and digging deep in hopes of hitting some of that valuable data.

The Threats

Threats to IoT, from hackers to malware, are myriad. A newly discovered malware called BrickerBot, currently in the wild, targets IoT devices that specifically run open-source Linux. BrickerBot takes advantage of users who did not change their default username and password printed on the IoT devices prior to shipping. While other malware may look to add a device to its collection of botnets, BrickerBot looks to kill the device outright. As opposed to the common distributed denial of service (DDoS) attack, BrickerBot offers a permanent denial of service (PDoS) attack which renders the device useless. While this vulnerability is common, it is easily preventable and remedied by changing the default username and password while turning off any Telnet remote access (Coppock, 2017).
The cellphone, the most ubiquitously connected device today, has its own share of security issues. Pew Research found that 28% of owners do not lock their cell phone screen at all. 40% of owners only update their devices when it is convenient and 14% admit to never updating the software (Williams, 2017). Personal phones are connected at all times and contain personal correspondence, photos, banking, and contact information; however, a large percent of the population can’t be bothered to secure it. Perhaps in the future, government regulation will mandate protections for cell phones in the same way mandates were implemented for the automobile (Palmer, 2017). Safety belts weren’t always standard or legally required and airbags are a fairly recent innovation. People lived longer in spite of themselves.

read more... https://www.cyberdefensemagazine.com/th ... of-things/

[Nom De Plume]

Urban population is on the rise worldwide and smart city development projects are harnessing the power of the Internet of Things (IoT) to develop more intelligent, efficient, and sustainable solutions.

However, digital security investments in smart cities are severely lagging, thus seeding the future vulnerabilities of the IoT ecosystem. The Financial, Information and Communication Technologies (ICT), and defense industries will account for 56% of the US$135 billion projected total cyber security spend in critical infrastructure in 2024, finds global tech market advisory firm ABI Research (www.abiresearch.com). The remaining 44% of the 2024 spend will be split between the Energy, Healthcare, Public Security, Transport and Water & Waste sectors – leaving them woefully underfunded and incredibly vulnerable to cyberattacks, according to the research group.
Smart cities are comprised of a highly complex, interdependent network of devices, systems, platforms, and users. Smart energy, utilities, water and wastage, parking and automotive, industrial and manufacturing, building automation, e-government and telemedicine, surveillance and public safety are just some of the verticals that vendors and governments must secure.

“Smart cities are increasingly under attack by a variety of threats. These include sophisticated cyberattacks on critical infrastructure, bringing industrial control systems (ICS) to a grinding halt, abusing low-power wide area networks (LPWAN) and device communication hijacking, system lockdown threats caused by ransomware, manipulation of sensor data to cause widespread panic (e.g., disaster detection systems) and siphoning citizen, healthcare, consumer data, and personally identifiable information (PII), among many others,” explains Dimitrios Pavlakis, Industry Analyst at ABI Research. “In this increasingly connected technological landscape, every smart city service is as secure as its weakest link.”
Cloud service powerhouses like Microsoft, security leaders like Entrust Datacard and Rambus, cellular communication experts like Sierra Wireless, certification authorities like Globalsign, and multi-vertical service providers like Huawei are some of the key vendors providing smart city specific solutions.

According to ABI Research there will be approximately 1.3 billion wide-area network smart city connections by 2024. Almost 50% of those connections are expected to be LPWA-LTE and LPWA Proprietary. Some LPWA protocols like the NB-IoT are attempting to tackle at least some digital and communication security challenges.
However, the fact of the matter remains that these intrinsically lightweight cellular versions aim toward lowering bandwidth cost, increasing coverage, and lowering latency and are not, in general, capable of handling the increased number of cyber-threats in the interconnected smart city environment.

“Lack of cryptographic measures, poor encryption key management, non-existent secure device onboarding services, weaponized machine learning technologies by cyber-attackers, poor understanding of social engineering, and lack of protection versus Distributed Denial of Service (DDoS) attacks are just are some of the key issues contributing to the amplification of cyber-threats in smart city ecosystems. This is further exacerbated by the lack of digital security investments and will, unfortunately, jeopardize the key elements of intelligence, efficiency, and sustainability of future smart city deployments,” Pavlakis concludes.

https://www.mactech.com/2019/08/26/smar ... rsecurity/

[Nom De Plume]

How many of you have Smart technologies in your home?

[Neferti]

The only thing smart around my place is ME.

[Black Orchid]

I have a smart tv and a smart phone but the only 'smart' thing I use on the tv is the Netflix button and I don't use my phone for browsing the web.

[Neferti]

Well, I do have a "smart phone" but the only people who have the number are rellies and a few trusted friends.
I don't use it as a phone exactly since I only top it up with $30 every so often and mostly text people, when necessary. My health is not good so it is by my side for "emergencies", plus to tell me the time and what the temperature is. I let the phone (VOIP) go through to the answering machine, it is cheaper to call back at 15 cents (local and STD) than jump when the phone rings and feel depleted. Such is Life.