The tsunami-sized trend to add intelligence with sensors and actuators and to connect devices, equipment and appliances to the internet poses safety, security and privacy risks.
Proof comes from a recent meta-study titled The Internet of Hackable Things (pdf) from researchers at the Technical University of Denmark, Denmark; Orebro University, Sweden; and Innopolis University, Russian Federation—compiled from industry and academic research reports—that finds smart devices used in healthcare and smart homes and buildings pose daunting risks.
The authors quantify the risks of Internet of Things (IoT) devices:
Some of the data and examples used by the authors were somewhat dated. Nevertheless, they are still a concern because most of these devices are still in use, especially medical devices.
In particular, smart equipment such as CT scanners proved to be at risk of an attack capable of increasing the radiation exposure limits to harmful or fatal levels. Another potentially deadly weakness cited was Implantable Cardioverter Defibrillators (ICDs), which automatically shock patients going into cardiac arrest. They use a Bluetooth stack with weak, easily compromised passwords to test their devices after the implantation.
IoT architectural reasons contribute to these flaws and exposed weaknesses:
Most risks are perceived to be financial. However, the authors include examples disproving this. Health records can actually be more valuable than banking and credit card information. For example, a health record that includes identity information such as Social Security numbers, addresses, children and jobs can be priced as high as $500 each.
That is not a theoretical estimate. The identity data of 78.8 million Anthem customers and 113 million Office of Civil Rights users were breached. This information is sold to the highest bidder on the dark web.
Some of the responsibility for the risks was attributed to device makers:
It should be noted that the source of this data is from a 2015 study from Capgemini.
The race for IoT is similar to the early history of Windows and Android products, as security was often overlooked when companies rushed to design and deliver products to a fast-growing market.
The authors of the report represented this issue mathematically:
Compounding the problem, when you have a diverse ecosystem of device makers and manufacturers adding sensors, cameras, and connectivity to everything from medical equipment to smart TVs, you get an ecosystem of disparate and diversely architected platforms.
