Nowadays, some manufacturers have produced and sold devices without sufficient security features. This has caused serious harm to corporations and individuals. Corporate and individual consumers of Internet of Things (IoT) devices should have the technical expertise to evaluate the cost/benefit of purchasing IoT devices, and they have to realize how vulnerable the IoT can be. It just takes a quick search on IoT search engines like Shodan.io. These connected devices are everywhere in the world. Business Insider forecasts there will be 50B devices connected to the internet by 2020, up from 7.2B in 2015 (Figure 1.0) [1].
Such a search is the easiest way to map IoT devices left unsecured on the web. With one click, I was able to find 20 IoT devices connected to the internet in Kuwait (Figure 2.0). Imagine that an unskilled team installs a traffic system and connects it to the internet without proper security controls! What will happen? And not only that: what if a smart hospital connected its operation devices to the internet without proper security controls? It takes only one click, and people's lives will be in danger.
Unsecured IoT devices were the main devices used in the largest DDoS attack, which happened in 2016. People tend to have luxury devices without having proper security controls. The manufacturers are also responsible for these issues. Manufacturers tend to reduce security controls because these controls slow down the devices, causing consumers to avoid using them. What happened in Oct 2016? How were IoT devices responsible for the attack? How could IoT devices be used to overthrow the government?
On 21 October 2016, IoT devices were responsible for the largest distributed denial of service (DDoS) attack. The 10/21 attacks directed huge amounts of bogus traffic at targeted servers belonging to Dyn, “a company that is a major provider of DNS services to other companies”. This made it hard for some websites to work properly, including Twitter, Facebook and the PlayStation Network. Beyond these high-profile sites, it is likely that thousands of online retailers like Amazon were disrupted. The 10/21 attacks were carried out by a large number of unsecured internet-connected devices, such as home routers and IP cameras. The attackers employed thousands of such devices that had been infected with malicious code to form a botnet: “A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge”. The software used to crawl the internet to find unsecured devices is freely available, the same as that used in Shodan. Even though some of these devices are not powerful computers, they can generate massive amounts of bogus traffic to swamp targeted servers, especially if a large number of them are abused at once. Imagine that a cheap webcam was a reason to bring down the whole Internet.
A Chinese electronics maker called XiongMai issued a recall for its IP webcams after the DDoS attack that happened in Oct 2016 [2]. “A Chinese electronics maker has issued a recall for millions of products sold in the U.S. following a devastating cyberattack that took down websites including Twitter and Netflix, but has lashed out at critics who say its devices were at fault.” Hangzhou Xiongmai Technology said in a statement that customers failing to change their default passwords resulted in millions of Web-connected cameras and digital recorders becoming compromised. Proper security controls are a must for securing these devices. Consumers should follow these procedures to secure their devices [3]:
· Ensure all default passwords are changed to strong passwords. (Default usernames and passwords for most devices can easily be found on the Internet, making devices with default passwords extremely vulnerable.)
· Update IoT devices with security patches as soon as patches become available.
· Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
· Purchase IoT devices from companies with a reputation for providing secure devices.
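
One way to verify the UPnP item above on your own home or office network, as an added example that is not part of the original article: it sends a single standard SSDP discovery query on the local segment and reports gateways that still answer as UPnP Internet Gateway Devices. The function names and the sample reply (using the documentation address 192.0.2.1) are constructed for illustration.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address/port
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\nMX: 2\r\n'
    "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
).encode("ascii")

# Constructed sample reply (not captured from a real device), for offline use.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\n"
                b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                b"LOCATION: http://192.0.2.1:5000/rootDesc.xml\r\n\r\n")


def gateway_location(data):
    """Return LOCATION if data is a 200 OK reply from a UPnP gateway, else None."""
    lines = data.decode("utf-8", errors="replace").split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None  # NOTIFY announcements, M-SEARCH requests, junk
    # Header names are case-insensitive, so normalise them to upper case.
    headers = {n.strip().upper(): v.strip()
               for n, sep, v in (l.partition(":") for l in lines[1:]) if sep}
    if "InternetGatewayDevice" not in headers.get("ST", ""):
        return None  # some other UPnP device, not a router
    return headers.get("LOCATION", "")


def find_upnp_gateways(timeout=3.0):
    """Query the local segment only (TTL 1); map gateway IP -> description URL."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
        try:
            sock.sendto(M_SEARCH, SSDP_GROUP)
            while True:
                data, (ip, _port) = sock.recvfrom(4096)
                location = gateway_location(data)
                if location is not None:
                    found[ip] = location
        except OSError:  # timeout: no more replies (or no usable network)
            pass
    return found


if __name__ == "__main__":
    print("constructed sample ->", gateway_location(SAMPLE_REPLY))
    print("gateways answering UPnP on this LAN:", find_upnp_gateways() or "none")
```

An empty result after UPnP has been switched off in the router's settings confirms the change took effect; any address listed is a gateway that still has it enabled.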
Overthrowing the Government using IoT:
In August 2016 at DefCon, a hacker called Rock showed a scenario using IoT to hack the Kuwait Government. Rock used his experience working as a hacker for the Kuwait government to model his attack (Figure 3.0). At DefCon, Rock said that he was hired by Kuwait to test the country’s infrastructure. In just two years, Rock says, he and three other people were able to gain complete control of several banks and critical IoT infrastructure like Telecoms, which also manages many Kuwait properties. This attack took place five years ago, and Rock says that the Kuwait Government has since “patched up” its security flaws.
Unsecured IoT devices could cause real damage to countries if they are not securely managed. Figure 4.0 shows some of the issues a hacker or unauthorized person can cause in an IoT system.
E-waste and IoT
As I mentioned in the IoT Security part, Business Insider forecasts there will be 50B devices connected to the internet by 2020, up from 7.2B in 2015 (Figure 1.0). This will lead us to a huge e-waste challenge.
What is E-waste?
“E-waste” is a popular, informal name for electronic products nearing the end of their “useful life”. E-wastes are considered dangerous, as certain components of some electronic products contain materials that are hazardous, depending on their condition and density. The hazardous content of these materials poses a threat to human health and the environment. Discarded computers, televisions, VCRs, stereos, copiers, fax machines, electric lamps, cell phones, audio equipment and batteries, if improperly disposed of, can leach lead and other substances into soil and groundwater. Reducing e-waste keeps the IoT sustainable.
The electronics industry is the world’s largest and fastest growing industry. The consequence of its consumer-oriented growth, combined with rapid product obsolescence and technological advances, is a new environmental challenge [4]. Humans’ heavy dependence on machines has turned our world into a machine-dependent world. Each year technology advances. We are mostly dependent on computers and other electronic devices, but each year millions of these devices are discarded or become useless, creating a huge amount of waste that has many harmful effects. E-waste should be handled carefully. The most effective way to manage e-waste is to adopt the 3 Rs, namely reduce, reuse and recycle [5].
Many people buy a new electronic set only to get a new model, even if their previous set is working properly. It is better to upgrade the previous model with the new version, if possible. Electronic items should be taken good care of so that they can be used for a longer period of time. People should prefer to buy refurbished products.
“One man’s trash is another man’s treasure.” Something that is waste for one person may be a necessity for another. People should donate items that are not useful to them to a charity so that they might be put to use by others. This can help to reduce e-waste.
Dead devices cannot be used by anyone. Recycling of the raw materials from this waste is a way to get around this limitation. This process provides reuse facilities and prevents disposal of hazardous products.
[1] M. B. Barcena, C. Wueest, “Insecurity in the Internet of Things”, Symantec Tech. Rep., 2015.
[2] Kan, Michael. “Chinese Firm Recalls Camera Products Linked To Massive DDOS Attack”. PCWorld. N.p., 2017. Web.
[3] US Department of Homeland Security. (2016). Strategic Principles for Securing the Internet of Things (IoT). Retrieved from DHS website: https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL….pdf
[4] Vijay N. Bhoi and Trupti Shah, “E-Waste: A New Environmental Challenge”, International Journal of Engineering, Vol. 4 (2), pp. 442-447, 2014.
[5] Km. Saroj Gupta, “E-waste Management: Teaching How to Reduce, Reuse and Recycle for Sustainable Development Need of Some Educational Strategies”, Journal of Education and Practice, Vol. 2 (3), pp. 74-86, 2009.