A few weeks ago, we watched as two hackers took control of a Jeep Cherokee remotely through the wireless info-tainment center. Not only could they control the radio, but the door locks, steering, brakes, and practically every other system fell powerless under their commands.
Between connected devices, and automation systems which depend on accurate data, there are numerous points of vulnerability where a malicious attack could take place.
IoT presents a unique challenge, with multiple standards in all layers of the IoT stack, simply addressing this issue in a single layer, say gateway to gateway communication (think MQTT), there is still the possibility of attacking other layers, say sensor to gateway communication, which many times rely on simple electrical signals communication with an edge device.
In this article from Windriver (http://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf), we are taken through various layers of the IoT architecture, and presented with the different key concerns facing enterprises (and all companies implementing connected solutions), as well as some of the way’s these vulnerabilities are being addressed.
The bottom line is, security should be on the forefront of any IoT project plan. Even in a proof of concept, critical information can be leaked, whether it is personally identifiable information, protected information, or even proprietary data (re: mixing procedures during chemical fusion processes).
The Jeep Cherokee hack won’t be the last, and it definitely wasn’t the first, just do a Google search for unsecured web-cams and you’ll get a taste for just how lax we are with securing our devices. If your company is embarking on an IoT project, or already has one in place, it’s most likely time for a good physical and network security audit.