Security in the Ever-Expanding Internet of Things

Nowadays it is becoming more and more common for things and appliances that we use in our daily life to be accessible via the Internet.  Things like smart TVs, thermostats, security systems, etc. are all connected to the internet and most can be accessed remotely from any device that is also connected and has the authority to access the device.  The number of devices that make up the “Internet of Things” is constantly expanding, and the trend seems to be that eventually we’ll be able to control every aspect of our homes, down to individual appliances, from one point of access.  Of course this sounds really convenient and great, but if the security aspect of these devices are not properly implemented, then it could be potentially disastrous.

A friend showed me this really interesting video recently that highlights exactly this point.  It is from 2012, so it’s a bit older, but the concepts that the speaker highlights are definitely still something that needs to be considered.  He talks about how he used shodan, which is basically a search engine that anyone can use to search through devices that are connected to the internet, to gain access to various internet connected devices.  That fact that anyone can search through these devices is not really anything crazy in itself, but the actual systems and devices that he was able to access and how little security they had to stop this sort of public access is surprising.  He shows how he was able to access basic things like security cameras, but also full floor plans for random business buildings and private residences, control programs for various heating/boiler systems, industrial cooling systems, stoplights and cameras for intersections, and even a controller for a hydro-electric plant.  He goes a lot more into detail about how everything could potentially be used and how easy it was to access everything, but the idea is pretty clear. 

Not all of these systems were directly controllable, although ironically some of the more important ones were, but just the idea that all of this is publicly available to anyone with the technical prowess is pretty distressing; someone could potentially do a lot of damage with access to heating/cooling or pressure systems depending on what they’re being used for.  When you consider that fact that it is estimated that around 40.9 billion (nearly double the amount that are connected now) devices are forecasted to be connected to the Internet by 2020, it really puts things into perspective.  Another thing to consider is that the person in the video was only using public, legitimate ways to access these devices; people who actually try to hack their way in through other means, may be able to do even more malicious things.  Of course, like this article notes, it’s probably unlikely that someone would hack into your “smart toilet” or whatever other trivial smart devices we make eventually come to own because most people need a legitimate reason to do these types of things.  Even so, it is definitely something to consider as we continue to move further toward a world of complete and constant inter-connectivity in all aspects of our lives.