It is marvelous how the introduction of Internet of Things (IoT) simplified the machine-to-machine (M2M) communication and enhanced transparency and efficiency. IoT provides continuous monitoring of little things such as knowing that if you are short of grocery or there are several expired products in fridge. IoT provides relief for those who are always in rush. The biggest advantage of IoT is saving money. However, now, stupid little things are connected to internet just for the sake of connectivity and the sad part is not many are concerned with the security of the product as long as it sells.
IoT is consists of billions of online systems that are connected to domestic appliances, workplace machines, and even cities. Several systems work silently, invisibly and monitor city’s traffic and your routine like a ghost. At first, the concept started with an idea to connect necessary things to internet to increase the efficiency. However, they have become so controlling that IoT has a grip over person’s life. It is a known fact that no computer in the world is completely secure and cyber hackers love to prove that at times. Smart fridge, Smart home theatre, the trending virtual assistant Alexa and several other so-called smart applications are part of massively distributed internet network. What if someone decides to mess with these applications? Instead of preventing such attacks, IoT opens billions of doors to do so. Moreover, it has become relatively easy to hack IoT products as few manufacturing companies are concerned with person’s safety and privacy. Several manufactures ignore safety to reduce the product’s cost. From the recent events, even the secured devices such as driverless cars are proven to be vulnerable. Imagine, the worst case scenarios– someone decides to muddle with pacemakers, air traffic control systems, or start a cyber-war, what will be the ramifications of such situations? It could lead to injury and even death.
While people are asking the “what if” questions, there are several attackers that are making their next move. The recent WannaCry ransomware attack is the best or maybe the worst example of cyber-attacks. In May 2017, the worldwide cyber-attack targeted Microsoft Windows Operating system, asking them for ransom payments in Bitcoin in exchange of the computer’s files. Though the attack was ceased in few days after the discovery of “kill switch,” it showed the world how IoT can be affected by such horrid attacks and internet is the least safe place on the Earth. Apart from cyber-attacks, the threat of botnet is rapidly increasing. Botnets are internet-connected devices designed to performed distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attackers the access to anyone’s internet connection. DDoS possess invincible weapon as malware use thousands of devices to bombard the internet servers with traffic that disables access to the essential resources. As every IoT application is run and controlled by internet, which gives botnet undeniable control to manipulate millions of lives. The memory of Reaper IoT is still unshakable in people’s minds. In September, Reaper botnet was discovered, which used to run list of unknown username and passwords against the device. If the device gets infected, it can spread malware to other less secured devices and enslave them into the botnet network.
One might wonder about the role of government in preventing such illicit use of IoT. However, instead of implementing strict rules, government has pressured manufacturing companies to make their products less susceptible to cyber-attacks. This does not address the core problem as companies will keep on selling their products with poor security because people tend to ignore security over cheap price. If we really want to fight with cyber threat, we should rethink the need of IoT in the first place. If the product fulfils laudable aims, there should not be a need of internet connectivity just for the sake of connectivity. This will require a fundamental shift in mindset, putting public’s safety before company’s profit.