02
Feb
2017
1:46 AM

IoT at home? Should you be concerned?

intel.com

Image Source: intel.com

The world is pushing into automation which relies on devices we conveniently call IoT (Internet of Things). IoT allows automation to exist in residential homes, buildings and factories (realizing Manufacturing 4.0). But how ready are we to move into a science fiction like city. Where everything is and can be controlled remotely via the Internet. The keyword here is everything...$$$. And hence, since everything is a lot of things (EiaLoT), IT and Tech companies are racing to come up with IoT devices and infrastructure supporting its use to market to consumers. Companies like Intel1, ARM2, Samsung3 and Cisco4, and many more are either producing consumer products or supplying new types of processors, sensors and actuators supporting the development of new applications in IoT. The growth for IoT market have since doubled since 2015. Along with it, comes a growing concern for security. Am I worried that a hacker can lock me in or out of my house? Cause havoc in my home? Playing that funky music at 3am in the morning?

Before IoT was called IoT, we just called them automation. Researchers have long dreamt about controlling their labs from home. So that they can monitor their microscope or telescope from home, or while being in the bathroom. Myself included, building IoT devices to control doors, alarm systems, and to monitor the humidity and temperature of our office premises(it's not useful, but cool nonetheless). Resesarchers in the past have use devices like Arduinos, Raspberry Pi, Gumstix, and others over Zigbee, Wifi, and other means of communications protocols.

As I was exploring the applications of these devices, I've never really looked into security concerns. In 2013, a researcher showed some vulnerability of the Z-Wave protocol used in IoT devices. Since Z-wave is a commercial and widely used protocol, the discovery was significant. The vulnerability allows one to bypass security to access IoT devices5. Let's face it, if this becomes mainstream, and security is still a concern, the ministers can be locked in Cabinet meeting with no way to get out, while the Fire Sprinkler is turned on by a hacker. That would be a lovely sight, but bad for the sustainability of a science fiction city. Fortunately, there are other researchers working on security for IoT devices. Actually, too many and I will try to give a review on it sometime later if time permits. But it is obvious that we need to somehow bring the security community, from network penetration testing to wireless radio Penetration Testing6.

IoT will be commonplace, it will be a part of everything in our lives. What it means for researchers is that research exploring IoT application must comply to current standards currently inplace. For security researchers, there must be a way to test and validate security claims from manufacturers. Therefor, there is a need to produce tools to measure and evaluate IoT security concerns. As a researcher myself, we are looking into applying new security measures into IoT, but what kind of penetration testing should be applied to it? what would be suitable for testing? Well, that's what research is all about...searching...and searching and searching...back to searching again. When i find it, i'll blog about it for you.



You may also like