Imagine the Internet of Everything—a world where every single item you touch, from a light bulb to the brake system in your car, has a microcomputer and IP address. All the data stored on the device is accessible 24/7 from anywhere in the world.
Now imagine the type of information that is stored in the Internet of Everything:
- Your blood pressure, temperature, and your pulse, all from a wrist band you wear, with the stored data available for your doctor to monitor 24/7;
- Your car data, such as fuel consumption, oil and tire pressure, and the latest computer updates, all of which is sent via the cloud to your mechanic’s computer system daily;
- Your home appliance systems, including your thermostat, home security system, lights, oven and refrigerator, all available for you to access via your smart phone so you can warm or cool the house on your way home from work, or even preheat the oven.
Finally, imagine these devices with minimal or no security.
By tapping into the microchip in your oven, anyone can gain access to your home network, because the oven is, of course, connected via WiFi. By connecting to your health monitoring device, anyone can access your medical records. Worse still, by gaining access to your car’s computer someone with ill-intent is able to disable your braking system and tell the car to accelerate as you are driving.
Got it. Ok, you’ve just envisioned the Internet of Everything and the potentially serious repercussions associated with this new world. And, it is happening today. Right now.
A Scene from James Bond? Perhaps Not. Envision a pacemaker, surgically implanted that can be accessed wirelessly via the Internet by your doctor to monitor your heart’s current health. One day, hackers gain access to systems running this pacemaker and shut it down, seriously injuring or killing you. Farfetched? Perhaps not. Doctors and security specialists modified the wireless heart monitor of former Vice President, Dick Cheney, to prevent remote assassination attempts.
The consequences of little or no security, or even flawed security on the devices we use every day—and take for granted, like a light bulb—are fairly mind boggling. The idea that a hacker could gain access to personal or corporate data via a light bulb may seem ludicrous, but just recently, a new WiFi connected light bulb was pulled from the market when it was discovered that a serious programming flaw enabled anyone to access the home computer system via the WiFi connection.
And then there are the flaws in the existing software that has been around for decades. Take Shellshock, for example. The recently discovered bug found in the Bash programming shell is currently in use on at least half a billion servers and internet-connected devices, including medical devices. On a scale of 1 to 10, with ten being the maximum for impact and exploitability, The National Institute of Standards and Technology rates Shellshock a “10”. It is very likely that only a small percentage of these devices running Bash have been updated. So, if hackers haven’t already gained access to these systems, it is likely they will very soon.
Technology analysts predict that there will be more than 50 BILLION connected devices by 2020. While the amazing and almost unbelievable advantages of this type of connectivity is something straight from science fiction, the equally frightening reality of what cybercriminals could do with access to these devices is nightmarish.
Security for these devices must be ramped up—and ramped up quickly. For example, by adding advanced persistent threat detection solutions to systems and networks, devices would be protected from compromise. Cloud-based security, device authentication, embedded intrusion protection, and secure booting are just a few of the security solutions that companies should begin thinking about to protect their Internet connected devices.