We live in a world governed by connectivity. In many ways, it’s taking over our lives and we need to be prepared to embrace both the benefits and the dangers. For many of us, the word “Trojan” conjures images of the infamous battle whereby the Greeks stormed through the independent city of Troy. Yet in recent years, this word has come to take on a new meaning – ringing alarm bells to those of us that are tech savvy.
In the same way that the Trojan horse became associated with danger during the Greek mythology days, at the beginning of the late 20th century, the word Trojan was applied to describe deceptively benign computer codes that seem legitimate – but are in fact, malware.
To this day, malware Trojans remain widespread. However, today’s internet users have the benefit of understanding these dangers and what can be done to avoid potential hazards. Yet, when it comes to connected devices, the same cannot be said. We are still surprised by hacks – because we aren’t prepared. This is why we refer to the Internet of Things (IoT) as the Trojan horse of our time.
So – why aren’t IoT devices safer, and how can we rectify this?
IoT and security: the challenge
We need to work to ensure IoT is safer, however, there are reasons that this is currently not the case.
1. Security is not part of the design process
Let’s think of why we buy IoT devices. It’s not because it is a comprehensively well-thought-out piece of technology, but because it amazes us with its futuristic features. The intelligent refrigerator or the IoT lamp do not reinvent the refrigerator or the lamp but enhance their abilities by making them smarter. This does not of course mean the same for industrial solutions, but many parallels can be drawn. User studies, as part of the design process, will always come to the conclusion that IoT is a new, fascinating market and the typical IoT users of the first hour seek novelty or usefulness over security.
2. Security would increase the price
IoT devices became attractive to the mass market. The average cost of IoT sensors is falling and by 2020 it is estimated to be about $0.38 (£0.28). Even manufacturers of specialised Industrial Internet of Things (IIoT) equipment are in fierce competition with one another. Spending a lot of money on the development of better security features does not make sense for manufacturers. The industry wants to achieve favourable prices through mass purchasing.
3. Security isn’t the number one priority
It all comes down to a two-way attitude from users and manufacturers. We need to be talking about IoT security more – but, given its damaging to a business to slow down market growth, we don’t take the time to speak about it enough.
IoT and security: the solution
IoT devices cannot be completely monitored. Even if the devices have been specifically deployed by a company’s IT department, traditional corporate security measures do not work. IoT devices can only be controlled to a limited extent by the IT team because they operate beyond their own closed systems. This means that to improve security, we need to consider three things that can help give us “peace of mind”.
We need to pay more attention to data. To secure our data, we don’t need to back up an entire IoT device. Instead, we need to look at the cloud to secure data from IoT devices. However, keep in mind that as soon as a mobile IoT device contains sensitive data, it will be a target to hackers. Not only this, but if an IoT system is managed by a central administration portal which is deactivated, it will no longer report on attacks to individual devices.
2. Trusted storage
IoT devices are predominantly mobile. The difficulty here lies in averting any malicious applications from them. One way to prevent this is by storing the device ID in a trusted area. This means you can decide who does and does not have access to communicate to the device – for example, by using biometric identifiers.
3. Look for radiation effects
Monitoring, no matter how sophisticated, cannot directly detect whether an IoT device has become the gateway to certain attacks. However, radiation effects can be identified. Via the network distributor, a monitoring tool can recognise when an unusually high amount of data traffic occurs. It can also be detected via pattern recognition if unusual traffic takes place in the network. A warning would then be sent to the system admin and the discovery of the device in question should proceed quite quickly.
We may still be at the beginning of IoT security, and we may still have a long way to go. But, if one thing is for sure, it’s that we need to be prepared or risk turning myth into reality as these Trojan horses attack.