Tim Berners-Lee created what we know as the World Wide Web in 1990 (Andrews, 2013), the creation of the World Wide Web led to a developer creating new devices to access and use it. Fast forward in time to the present and the number of devices that can access the internet is almost unfathomable when you start to think about it. The world has gone from computers the size of entire rooms, and 5 Megabyte floppy disks.
To essentially supercomputers in the palm of your hand and 5 Terabyte hard drives. Anything that is not a computer or a phone will fall into what is called the Internet of Things (IoT), so tablets, Amazon Alexa, Google Home, Fitness watches, anything that can pass data on the internet is part of the IoT.
IoT device has allowed users to enjoy things they never thought they could. Virtual reality goggles allow a user to experience things like walking on the beach for those who are in a wheelchair for example.
While developers have made great leaps and bounds with creating new products to increase efficiency and enjoyment in life. They have failed to keep up with the security need for IoT devices. IoT device is on pace to be the most targeted systems, between 2017 and 2019 attacks on IoT devices increased by 217%. (Gatlan, 2019) This is due to almost all IoT devices not having any type of security on them. There is not anything in place requiring minimum security on IoT devices like there is for cell phones and computers.
While IOT devices create a more connected world, the lack of cybersecurity requirements for them is creating a dream world for threat agents.
The hottest trend with IoT devices is creating turning your home into a SmartHome. A smart home is where everything in your house is connected from your lights down to microwave. This will start with something as simple as a SmartTv, the Tvs will allow users to do anything from watching normal cable to searching YouTube right from their couch. After you have that you can get a Smart fridge that you can look into whats in your fridge while youre at the groceries store. Now through an Amazon Alexa or a Google home and you can control all of these things by just using your voice
IoT devices are usually an easy target for threat agents to attack your system. This is due to the fact that developers and manufacturers are not required to place any type of restrictions or any security measures for that matter. SmartTv will transmit your data over plain text that anyone can see. You can go onto YouTube and look up countless videos of people using free software like Wireshark to highjack a Facebook or Twitter authenticated sessions. The attacker is able to do this because the target was sending their data over plain text. The simplest way to stop this type of attack is to use a Virtual Private Network if you connect to an unsecured WiFi. This will send your date over ciphertext to where the attack cannot see the data.
A perfect example of how IoT device creates an easy access point for any threat agent to breach your network and either cause harm to it or to steal the data that your network has on it; is when a casino high roller database was stolen thanks to their fish tank that was in their lobby. Most people would ask how that is even possible.
The answer is the casino had a WiFi thermometer in the fish tank to monitor it remotely. While this provided efficiency on making sure the fish tank did not get too hot or cold it provides the perfect route for the attackers. After gaining access to the network they found the database they wanted and pulled it out the same way they got in. (Williams, 2018) The attack they used is called pivoting where you access a device in a network to get to the other device. This type of attack could have been thwarted with a proper network configuration. The thermometer had zero need to access the server if they would have blocked that connection, the attackers would have failed.
Google homes and Amazon Alexa are hot trends right for people to own and use voice commands instead of using their hands. While this is very convenient for some users their new favorite toy may be listening to their every word without their consent or knowledge. Researchers from Zhejiang University in China discovered a major flaw within almost all the voice assistant technologies. They found out that a threat agent could use ultrasonic frequencies that humans are unable to hear but, the microphone in Alexa can hear just fine.
This type of attack has been coined as the Dolphin Attack. (Swati, 2017) This attack does not just stop at turning on your microphone it could send a command for your devices to go to a malicious website and download malware to your phone or other devices. The easiest way to stop this type of attack is to disable Siri or any other voice assistant that you are currently using. These are known security faults within the IoT device that manufacturers are just ignoring to cut cost.
The next issue dealing with IoT device lack of privacy they have any information they collect. If an end user has a Smartwatch it will track all of their movements. Courts have already allowed the tracking data in admitted to a court in personal injury cases, and its possible to be allowed in the future for divorce cases. (Anonymous, 2015) Even though it is highly unlikely that an Alexa is listening to your every word, it still holds on to everyone you order by using it. This allows for personal adds to be sent to your Facebook or on the side of your google searches. One would think that all these security issues would hesitate customers from buying IoT devices.
Currently, everyone is going towards having Smart home where they can what is going on in their house by the cameras they installed, to knowing what to buy from the store by looking in their fridge. It is possible that in the near future driving will be all done by the artificial intelligence, Self-driving cars have are increasingly becoming commonplace, The Company Uber is deploy their own self-driving cars for customers to pay for rides to their destination. This only the beginning of the Smart Cities.
Smart cities spend is projected to be 135 billion dollars by 2021. (Maddox, 2018) Automation that comes with Smart cites dissolves the need to interact with other humans. Amazon is in the testing phase their first grocery store that is fully automated allows you to just go into a store and get what you need without ever having a cashier check you out of the store. Currently, its only one store that is in testing operations, but this could quickly become how all stores will operate. How works are that the customer will scan the Amazon go smartphone app when entering the store. After that whenever they pick up an item it gets added to the cart in on the application, if they put an item back it will be taken off.
The only human interaction that you would have is when trying to buy alcohol because the law requires your age to be verified. (Dastin, 2018) This could easily be avoided by adding age verification on the app. If someone who is underage tries to sneak alcohol out it will sound the alarm for the security guard apprehends the criminal. In the future, everything will have chips and applications and human interactions for anything could be brought down to the bare minimum.
The most catastrophic threat to the implementation of Smart Cities is a cyber fire sale. A fire sale is when a cyber-attack is conducted that will take down the physical and cyberinfrastructure. It may sound like another movie plot, but its real-life threat to everyone. Almost every facet of our world relies on a cyber connection. If attackers we able to bypass the security gain access to a nuclear power plant network, they would have a nuclear bomb they could set off at any time. That may be an extreme case, however, it just solidifies the justification for requiring strong cybersecurity laws in place.
Probably the biggest IoT thing the cyber world is heading towards developing is Artificial intelligence, this is both extremely interesting and immensely terrifying for how artificial intelligence could be used against us, while it may seem like science fiction it is all very possible. In fact, Sophie is the first recognized citizen that is a gynoid or a humanoid robot that resembles a female body. (Sanjit Singh Dang, 2019) In the future, we could have more and more humanoids becoming a citizen or artificial intelligence taking over jobs like fry cooks or carpenters depend on how much engineers advance in Artificial intelligence algorithms.
The other side of the coin is maybe not so much a terminator, but it is very possible that it can happen. The Massachusetts Institute of Technology (MIT) proved that what data is fed into it. By feeding the algorithm pictures involving death and other horrific images changed how it reacted to ink blots. This artificial intelligence saw death within all the ink blots. They also did this test on another artificial intelligence that was fed pictures of pleasant imagery and the results were the polar opposite. (Wakefield, 2018) Psychopathic artificial intelligence is just one reason why future regulation is needed to protect customers.
Manufactures cannot be trusted any longer to do the right thing for their customers. This is where anyone from the company to the government on imposing the requirements on IoT device to help elevate the security faults. Late within the year of 2018, California was the first state in the United States of America (USA) to enact regulation on privacy and security of IoT devices. While the law was criticized for lack of detail, it provides a pivotal first step towards securing IoT devices. It requires manufacturers to guarantee that the devices will have security on them and stop allowing all the devices to collect so much information from its user. (Crowell & Moring LLP, 2018)
Currently in the United States of America Congress is a bill that has been put for legislation. The bill is a major step in the right direction towards securing IoT devices from becoming the dream world for threat agents. The bill would force IoT devices to have the same standard. It would require suppliers to certify devices do not have any known vulnerabilities. Secondly, it would necessitate that they supply the devices with security updates in a timely manner. Lastly, suppliers would have to inform the customers when cybersecurity patching is no longer supported on the device. (Rudawski, 2017)
If regulation is not passed then the future of IoT devices will be like Disney Land for those individuals who have malicious intent. A perfect example for attackers to gain access to your phone is through your car radio. Car radios have essentially become smart radios you can connect Bluetooth to them and use Android auto or Apple Car play. Once you hook your phone up to the car that is now trust connection and your phone will freely pass data to the car radio. When was the last time you look at the car radio manufactures website for a security update on it?
Attackers know that most people do not update those devices especially, because most people are just too lazy to manually update it or just do not know how to install the update. If the attacker gains access through a known vulnerability into the car radio, they now will have access to any phone that creates that trusted network between the two devices. That means the attack can now read your emails, look into your contact, or see where you have been from your navigation application on your phone.
If or when new cybersecurity laws are passed for IoT devices. It is going to cost manufacturers more money to produce devices. They are going to have to pay software engineers to provide updates and patches for the devices. Companies are not going to just pay out of their profits to comply with these new laws. It will be imposed on the customers by raising the price of every IoT device. Customers should be willing to pay the extra cost to help protect themselves for threat agents.
The unfortunate reality is that even with the new impose regulation and keeping up to date with the latest update and security patches will not be enough to stop all attacks. Eventually, an attack will find a vulnerability and create their own zero-day attack. A zero-day attack is when malware is released that exploits the vulnerability that was not identified. Threat agent will use the same method of attack that a lion hunting prey does, they will always go after the easiest target first. If the purposed regulation is not passed and users do not keep up to date on all their devices. Then everyone becomes the easiest prey for attackers.
Andrews, E. (2013, December 18). Who invented the internet? Retrieved from History.com:
Anonymous. (2015). IoT- Some Call It ‘privacy hell’. Information Management, 10, 49. Retrieved from
Crowell & Morning LLP. (2018, October 2). California Enacts First IoT Security Law in U.S. Retrieved from Lexology:
Dastin, J. (2018, January 21). Amazon’s automated grocery store of the future opens Monday. Retrieved from Reuters:
Gatlan, S. (2019, March 29). IoT Attacks Escalating with a 217.5% Increase in Volume. Retrieved from BleepingComputer:
Maddox, T. (2018, July 16). Smart cities: A cheat sheet . Retrieved from TechRepublic :
Rudawski, A. (2017, August 3). US Senators introduce IoT cybersecurity bill. Retrieved from Data Protetion Report:
Sanjit Singh Dang, P. (2019, Feburary 25). Artificial Intelligence In Humanoid Robots. Retrieved from Forbes:
Swati, K. (2017, May 07). Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound. Retrieved from The Hacker News:
Wakefield, J. (2018, June 2). Are you scared yet? Meet Norman, the psychopathic AI. Retrieved from BBC News:
Williams, O. (2018, April 15). Hackers once stole a casino’s high-roller database through a thermometer in the lobby fish tank. Retrieved from Business Insider: