Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Internet of Things: Top five threats to IoT devices

David Geer | Jan. 10, 2014
In light of the burgeoning IoT market, we identify five categories of IoT devices at risk in the coming year. CSOs who are aware of the threats and potential damage to their organisations can prepare accordingly.

Wearable Devices, Google Glass
The global wearable technology market will reach $4.6 billion in value in 2013, according to Visiongain, LTD, and continue to rise in 2014. In that market, devices such as Google Glass are a major attack vector because they automatically connect to the Internet. And, these devices have very few if any security solutions on them.

Hacking Google Glass provides attackers with confidential corporate information and intellectual property. An organization may not know what kinds of data or how much a wearer absorbs using Google Glass as they move through offices and other environments in the enterprise. A hacker could copy that audio and video.

"Every organization should write policies for wearable devices that limit where these things can be used, when they can be used, and what their acceptable use is," Irvine says.

Retail Inventory Monitoring and Control, M2M
Global wireless M2M revenues will have reached $50.1billion in 2013, according to Visiongain, LTD. As of 2014, inventory management technologies will increasingly include inexpensive 3G cellular data transmitters on packages. These transmitters will connect to the Internet, making these applications vulnerable to Internet-based attacks, according to Pescatore.

"These rudimentary devices enable detection, statistical information gathering, remote management and very little else," says Irvine. There are few if any security solutions to protect the devices or limit device snooping.

The purpose of the new 3G transmitters is constant, real-time position reporting. But, hacktivists who would normally bombard websites with denial of service attacks could instead intercept these transmissions and tell servers that WalMart, for example, is continually selling out its supply of soccer balls, leading to massive soccer ball shipments bombarding WalMart stores, according to Pescatore. "Or, hacktivists or opportunists could influence the stock price of Kellogg's for example by over or under shipping Corn Flakes," Pescatore says.

Enterprises must securely configure these inventory control systems and M2M technologies and segment them onto secure, inaccessible, encrypted frequencies. That does not happen today. "I can go in with a wireless frequency scanner and see communications occurring. Once I detect it, I can see what it the frequency and signal are. And once I see that, I can affect its communications," Irvine explains.

Drones (unmanned aircraft) for domestic (non-military) use
In February of 2012, the Congress established the FAA Modernization and Reform Act with numerous provisions for unmanned aircraft with the general thrust that the FAA will speed the inclusion of UAVs/drones in the national airspace system in three years' time (by 2015). "Drones will be prevalent across the country five years from now," says Erik Cabetas, Managing Partner, Include Security, LLC. CSOs should start to plan for drone security measures now.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.