get IT done
Repercussions of IOT! By Tony Keefe, COO of Entre Computer Services This is not your dad and mom’s internet. It is not even the same internet from five years ago. In the beginning the internet connected people. Now, the internet connects things and there are now a great deal more connected “things” than people. We are amid a new revolution – the Internet of Things (“IOT”). Most people began using the internet to connect their legacy computing device (PC, laptop, or phone). Recently there has been a veritable tsunami of connected devices; smart TVs, Android and Alexa’s speakers, security cameras, doorbells, door locks, thermostats, lights, and others. In 2018, there were seven billion connected IoT devices. In 2019, that number jumped to almost twenty-seven billion. In the next decade, 31 billion more IoT devices will join the party. With 8 billion people on this small blue ball (Earth), we will add almost four ITO devices for every living human. This revolution will be a blessing and a curse. Imagine that your aged parent insists on living by themselves. How can you be reasonably assured that they are “OK”? Wouldn’t you feel better knowing that they were taking their medication, eating, and going to the bathroom regularly? IoT allows [internet connected] sensors to be applied to a RX bottle, refrigerator, and toilet. These devices can allow you to see that your parent is [at least] taking care of their own basic needs. Unfortunately, these helpful devices can be subverted by bad actors for nefarious purposes. While you can be “spied” through your cameras, more concerning is how these devices provide a small door to a large treasure. These devices have value because they are connected. However, that connectedness makes them exploitable. Manufacturers can take steps to secure devices at a hardware level but that costs money. This investment is often cheated in favor of profitability. Take for example the following headlines: “Millions of Smart TVs Scanned WiFi Every 10 Minutes, Sent Personal Data to Company”– these scan device attributes [user's IP address, device names and network latency] and send it to the vendor every few minutes. “FDA warning: Scores of heart implants can be hacked from 20ft away” – These devices allow a bad actor to deplete the battery or administer faulty pacing or get IT done
shocks. “How are you feeling now Ma?” “Hackers can access your mobile and laptop cameras and record you” - Faulty software lets anyone with the devices IP address to look and listen. “Hackers Remotely Kill a Jeep on the Highway— With Me in It” – White hats exploited a firmware update vulnerability and was able to make the vehicle speed up, slow down and even veer off the road. While these are scary, my favorite may be: “A Casino Gets Hacked Through a Fish-Tank Thermometer” - In this scenario, attackers subverted an IoT thermometer to access the network. They used that path to find and download the “high-roller database”, through the thermometer! We need standards and regulation to secure the world of IoT and we are seeing both industry and government weighing in. While our regulatory bodies catch up, there are a few steps we can take to provide a modicum of safety. The general rules of thumb include: 1. Do not purchase or deploy devices that cannot have their software, passwords, or firmware updated. 2. Immediately change the default the username and password for device on the Internet. 3. Always use passwords that are unique to the occasion. Just as your work password should not be your banking password, your lights should not use the same password as your TV. 4. Be assiduous in applying patches to the devices you control. Patch IoT devices with the latest software and firmware updates to mitigate vulnerabilities.” Live fully, live safe and hasten slowly. Think About IT
Tony Keefe, COO, Entre Computer Services www.entrecs.com JUNE 2021 The ROCHESTER ENGINEER | 9
