17th December 2015
'Securing the Internet of Things'
Wearable tech has been described as “representing the next phase of the mobile revolution” and as widely predicted, 2015 saw the start of widespread commercial success of wearable technologies and Internet of Things (IoT) devices.
These internet-connected mobile devices exist to capture and exchange data. Often core functionality relies upon the ability to sync efficiently with other devices. This results in an ecosystem where files can be transferred quickly between devices, travelling around the world nearly instantaneously. Worryingly, however, HP recently conducted a survey that revealed that 90% of all IoT devices do not have encryption, and 70% have no security features at all.
What are the risks?
It is estimated that by the end of the decade there could be 50 billion internet-connected ‘things’ in existence. These devices, swiftly integrated into our homes, cars and clothes for example, will undoubtedly bring enormous benefits. However, without adequate security, we are exposing ourselves to potential hacks, which could have costly, even fatal, consequences. The Information Security Forum (ISF) has published several research papers highlighting the security and privacy implications of IoT, specifically relating to:
- Medical devices: unauthorised access to configuration settings as well as data on location, blood pressure/sugar levels and other bodily functions
- Buildings and critical infrastructure: malicious damage to power/ production/ generation/distribution, manufacturing and transportation
- Automobiles: in-car Wi-Fi, remote access, tampering of engine control and braking systems (The recent Jeep, Tesla, VW and OnStar revelations have gained media attention of these risks)
- Commercial and personal drones: collection of significant personal data by drones; or compromised or personal drones used for kamikaze attacks
- Home appliances: denial-of-service attacks using unsecured connected devices, such as home entertainment systems and compromised smartphone apps
Whose responsibility is it to secure the IoT?
Mobile security begins and ends with better encryption, which is the responsibility of technology manufacturers and mobile operators. They must have an understanding of risks and responsibilities in protecting personal and corporate data as well as functionality within the Internet of Things. This should clearly include:
- Ensuring that minimal (and only relevant) data is collected
- Adopting the strongest encryption available
- Ensuring that staff and consumers understand what data is collected.
So what is the solution?
Fortunately, both businesses and academic institutions have recognised the importance of this issue, specifically the need to improve data encryption. Quantum scientists have been working on solutions to find better seeding for encryption. In partnership with academics, a security chip which can be installed on all mobile, IoT devices and wearable technologies is being developed, which uses light to count the photons reflected off of real-world objects to generate a true random number, encryption from such a quantum random number generator will, theoretically, be unhackable.