Is IoT the ‘asbestos of the future’?

Published on the 17/10/2019 | Written by Jonathan Cotton


Everything is a computer_Hypponen’s Law

Just what is the cost of unfettered connected-device growth?…

“If it’s smart, it’s vulnerable”. So says ‘Hypponen’s Law’, an aphorism coined in 2016 by Mikko Hyppönen, chief research officer at Finnish cyber security company F-Secure.

While that internet-connected coffee machine might seem like a great front reception area gimmick, mindless proliferation of less-than-smart devices might be making a bigger mess than we realise.

Hyppönen says that long term consequences of ubiquitous insecure connectivity is a disaster already in motion.

“Asbestos,” he stated while speaking to the press in Helsinki recently, “was such a great innovation. It looked like a miracle material, originally.

“Such a great innovation, which then decades later turned out to be the worst innovation.”

“This is what our kids will hate us for.”

Hyppönen was drawing a parallel between the infamous cancer-causing insulation material which now has to be painstakingly removed – at great cost and inconvenience – everywhere its discovered. The unmindful pursuit of ‘connectivity everywhere’ could have similar consequences, he argues.

He might have a point. The number of connected devices that are in use worldwide currently exceeds 17 billion, seven billion of which are IoT devices in particular, and it’s that category that’s growing the fastest.

“Global connection growth is mainly driven by IoT devices – both on the consumer side as well as on the enterprise/B2B side,” says IoT market insights company, IoT Analytics.

“The number of IoT devices that are active is expected to grow to 10 billion by 2020 and 22 billion by 2025. This number of IoT devices includes all active connections and does not take into consideration devices that were bought in the past but are not used anymore.”

The company estimates that the total IoT market will reach $1.6 billion by 2025.

And as the speed of proliferation increases so too does the number of low-value connections, Hyppönen says.

“As connectivity becomes cheaper and cheaper, eventually, it’s not going to be just smart things going online, it’s going to be stupid things… things consumers don’t really need to be online.

“Everything will become a computer and right now this seems like an excellent idea to many of the companies in this business.

“It’s not the first [instance of], technology taking us to the wrong direction. So I think this is dangerous. It’s very dangerous for our privacy. It’s dangerous for our security.

“This is going to be the IT asbestos of the future. This is what our kids will hate us for.”

It’s clear Hyppönen has a gift for a pithy soundbite, but he’s also got a point.

And right now we’re at the thin end of the wedge. Connectivity is becoming cheaper and as manufacturers of internet-connected smart devices rush to meet the market, insecure technology is flooding the market.

Also rushing to meet the market are those that would exploit the opportunity provided by proliferating, insecure connected tech.

In the first half of this year Kaspersky set up 50 IoT ‘honeypots’ – networks of virtual copies of various internet connected devices and applications – and detected more than a 100 million attacks on IoT devices from more than a quarter of a million unique IP addresses.

That’s a big number, but more dramatic is year-on-year increase: Nine times as many such attacks occurred in the first half of 2019 than in 2018.

That’s the bad news. So what’s to be done?

In the short term, we can start by brushing up on the basics. That can be as easy as updating a default password, says Dan Demeter, security researcher at Kaspersky Lab.

“IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations.

“This [kind of hacking] is much easier than most people think: The most common combinations by far are usually ‘support/support’, followed by ‘admin/admin’, ‘default/default’. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices.”

As for the longer term problem – a growing infrastructure of billions of insecure IT devices – that’s a harder question and one that will likely involve a long road of increasing regulation from government, standardisation from industry and a new focus on end-to-end security approaches from manufacturers themselves.

FURTHER READING

Owen Key_CIO Summit 2019

Owen Key: The Auckland cop securing Calgary city

June 6, 2019 | Heather Wright

Chief security officer shares lessons from the original supercity…

Tim Berners-Lee_Future of WWW

New world order: Is it time for Internet 2.0?

October 11, 2018 | Jonathan Cotton

Goodbye passwords, logins and data-hungry tech giants. The net’s future might just be on a USB…

2017 Cybercrime recap

By the numbers: Cybercrime in 2017

January 30, 2018 | Jonathan Cotton

What happened, what’s coming next and what you can do about it…

Smart cars and biometrics

2018: The year of zero-login, smart cars & the biometrics of things

January 24, 2018 | Jonathan Cotton

What’s your mother’s maiden name? Don’t ask…

Fake news_Cyber security

Fake news and cyber security

November 30, 2017 | Donovan Jackson, Jonathan Cotton

Why thinking clearly about security is so hard…

Post a comment or question...

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
Follow iStart to keep up to date with the latest news and views...
ErrorHere