From Internet of Things (IoT) to smartphones, healthcare delivery to automobile systems, military systems to e-mails, we are a connected society heavily reliant on the Internet. The immense power of the Internet to advance and open up new communications avenues also makes us vulnerable to cyber attacks and hackers. The Identity Theft Resource Center reports over 177 million personal records were exposed in 2015, stemming from 780 breaches across the banking/financial, business, education, government, and healthcare sectors. Even more disturbing is the fact that cyber attacks or cyber crimes are increasingly more sophisticated, more dangerous, and more commonplace.
Aside from the breached data and other compromised information, cyber attacks are costly: “the average direct cost to a small business for a single attack in 2013 was almost $9,000, but that excludes brand damage and other soft costs.” On the national level, cyber attacks can be catastrophic, often exposing sensitive and critical national information. On the personal levels, attackers target citizens to expose their personal identifiable information. Other institutions like businesses and universities are attacked for trade secrets and cutting-edge research and development, respectively.
Understanding Cyber Attacks
Cyber attacks take many forms and are delivered through a variety of channels, yet the intent is often malicious and profit-motivated. It is estimated that cybercrime or cyber attacks will become a $2.1 trillion problem by 2019. Below are three of the common forms of cyber attacks:
- Web Application Attacks: All web applications can become targets for hackers, irrespective of the wide range of web applications. The attack commonly happens when a SQL(Structured Query Language) injection is deployed by hackers to gain access to systems and databases to destroy, alter, or misappropriate user information. This form of attack can allow hackers to “flood a site with traffic, making it impossible for the server to respond to requests” or “deface your website to promote their brand or their hacktivist ideals.” Calyptix Security estimates that 24 percent of all cyber attacks in 2016 can be classified as web application attacks.
- Malware: Malicious software or ‘“malware” attacks have the “ability to replicate and spread with little or no help from human users.” Discussing malware, cybersecurity experts, David Inserra and Paul Rosenzweig, write “malware can either hide in the background like spyware (software that surreptitiously steals information) or be aggressively obvious like ransomware (software that announces itself and insists on payment of a ransom to have it removed), or it can be a virus that erases entire hard drives.” In 2016, malware attacks accounted for 19 percent of all cyber attacks.
- Denial-of-Service (DoS): This is when a hacker slows down or crashes a website by inundating the website with flawed or partial requests. Calyptix Security estimates that DoS accounted for 9% of all cyber attacks in 2016. The threat of DoS increases significantly when we begin to analyze the potential impact they can have on IoT-connect devices.
The Challenges of Increased Connectivity
IoT is a network of connected devices that transmit, analyze, and store information over the Internet. “The Internet of Things,” writes Business Insider, “has been held up as the next big technology revolution that will lower business costs and make employees more productive, but it brings with it major baggage for corporate leaders.”
Take for instance the “connected soldier,” who is connected with his/her unit and commanders through a mobile, body-worn network of battery-powered sensors and antennas. This connected soldier is the future of the U.S. military. Engineers in both the private and public sectors are racing to overcome the technological challenges associated with the soldier’s complex systems in order to make this soldier a reality. The benefits of equipping our military personnel in this fashion are unsurpassed. Not only will they be able to share information with commanders efficiently, connected soldiers will also be able to alert nearby medics of an injury, thereby saving lives. Digital Engineering reports that “work is underway on new intelligent body gear that among other things includes on-board computers that allow soldiers to chat online during missions and to tie into key defense networks to tap into intelligence.”
This soldier, though technologically powerful, is extremely vulnerable to cyber attacks. Each piece of the soldier’s complex connected system is a point of entry for a hacker to deploy malware to control the soldier’s communication systems and movements. An attack can deliver inaccurate coordinates to the soldier and lead them into an ambush. Simply put, a cyber attack on a connected soldier could be disastrous.
Civilians are also at risk of IoT-specific cyber attacks with equally devastating results derived from health dangers associated with smart medical devices to security concerns of smart houses. This is evident in Business Insider’s reporting on the 2016 DEF CON IoT hacking competition, which sought to bring together experts to learn, network, and find security vulnerabilities in connected devices so they could be fixed. At the end of the competition, contestants identified 47 new IoT security flaws across 23 products, ranging from smart locks to thermostats, smart wheelchairs to solar energy management, and webcams to smart fridges.
Fred Bret-Mounet, a researcher who participated in the competition, uncovered a vulnerability with a solar power generation facility. The problems he found could have allowed him to spy on and hack the power supply of at least 1,000 homes.
In speaking with IoT Village organizers, Mr. Bret-Mounet explained, "I can shut down the equivalent of a small to mid-sized power generation facility. I can use that device as a Trojan within a target's network to spy on them. It looks very likely that I can remotely physically damage a solar array using this manufacturer's device."
These vulnerabilities, among others, point to the serious security issues associated with IoT devices. They also highlight the need for wider public education on cyber security and prevention. In a world where more things are connected to the Internet than people, we need to quickly innovate to address these challenges and not allow our need for increased connectivity to impede the essence of a secured world.