Photo - Nigel Tan, Director of Systems Engineering, Symantec Malaysia.
The next major digital transformation - the Internet of Things [IoT] - brings with it new security risks, according to security solutions firm Symantec.
Nigel Tan, director of systems engineering for Symantec Malaysia, said that security risks will increase as 'dumb devices such as your toothbrush, exercise machine and refrigerator' start to communicate with other internet-connected devices and become smarter.
"The Internet - the 'Network of networks' - may very well be termed as one of mankind's finest inventions and 'Internet of Things' (IoT) could be seen as the optimal enablement of this invention, owing to its scale and utility," said Tan, adding that there are more than 10 billion wirelessly connected devices today, according to ABI Research data.
"By 2020, there will be more than 30 billion connected devices, which will bring about a 360-degree change in the way we communicate and operate," he said.
"In Malaysia, according to Malaysian Communications and Multimedia Commission [national regulator MCMC] statistics, there are more than 20.2 million people connected to the internet in Malaysia," said Tan. "Internet is visibly making every object or machine around us smarter, right from connected toothbrush, wearable fitness tracker with embedded sensors and smart refrigerators. We will soon live in an ecosystem where these 'dumb devices' would acquire intelligence through an inbuilt OS enabling the devices to get connected with other paired/authorised devices."
"The dynamism of the IoT is one of its most challenging features as most of us in our day-to-day lives might come across many of these smart devices, yet be unaware of the consequences that might pop-up if they are not secured appropriately," he said. "More the connected devices, greater is the range of 'significant' security challenges across data privacy and physical security that have the potential to disrupt functionality of consumers and businesses in new ways."
Security risks in wearables and apps
Tan said that while organisations and governments benefit from device-to-device communication, the apps and services that ride on the devices present potent security risks. "More challenging perhaps is the potential for data aggregation across smart devices, internet-based services and existing data pools."
"Symantec has found security risks in a large number of self-tracking devices and applications," he said. "One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking. Our researchers built a number of scanning devices using Raspberry Pi minicomputers and, by taking them out to athletic events and busy public spaces, found that tracking of individuals was possible."
"In addition, Symantec also found vulnerabilities in how personal data is stored and managed, such as passwords being transmitted in clear text and poor session management," he said. "And as wearable technology continues to gain momentum, more new devices will be connected to IoT, which opens up new security vulnerabilities related to having countless connected devices."
Tan said that beyond intrusion and direct hacking, organisations are likely to encounter potential risks such as:
- Denial of service - IoT scenarios are dependent on networks of physical objects - from supply chain to building management applications, from smart parking to intelligent waste disposal. DDoS attacks could target all the end points of a particular use case, making the things inaccessible and breaking the use case they support.
- With the advanced ability of getting connected with other paired devices, these smart devices could increasingly be turned to unplanned usage. Imagine if the processor in every plug socket became able to send spam, to generate costly SMS messages, or indeed participate in a DDoS attack.
- Physical objects were generally not designed to be internet-connected, and therefore network security was not considered by design. So empowering these dumb devices to be able to connect to the internet might lead to weakening of perimeters.
- New devices entering into an organisation's ecosystem through employees might also bring inadvertent breaches into the system by acting as accidental gateways, providing access into corporate systems.