Alasdair Gilchrist
IoT Security Issues
ISBN 978-1-5015-1474-6
e-ISBN (PDF) 978-1-5015-0577-5
e-ISBN (EPUB) 978-1-5015-0562-1
Library of Congress Cataloging-in-Publication Data
A CIP catalog record for this book has been applied for at the Library of Congress.
Bibliographic information published by the Deutsche Nationalbibliothek
The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data are available on the Internet at http://dnb.dnb.de.
2017 Walter de Gruyter Inc., Boston/Berlin
www.degruyter.com
To Rattiya and Arrisara
Acknowledgements
Much of the research in this book stems from Internet research based on published industry reports from Gartner, Cisco, Beechams and Pew Research Center, among many others. I would also like to acknowledge the many security resources available on the Internet such as Privacy International, OWASP, Microsoft Technet, and the Online Trust Alliance. Additionally, little of the section on Internet surveillance would have been possible to verify had it not been for the Guardian's and Washington Post's published articles on the Edward Snowden files and the Guardian's articles on the Investigatory Powers bill in the UK.
I would also acknowledge the efforts of Jeffrey Pepper and Megan Lester at De Gruyter for their efforts in publishing this book, as well as Stephanie Defrayne, Angie MacAllister and Scott MacAllister for their copy editing, technical verification and formatting help.
Introduction
IoT Security Issues looks at the burgeoning growth of the multitude of devices controlled by the Internet, where product comes first and security second. In this case, security trails badly. This book examines the issues and vulnerabilities surrounding these problems and what can be done to solve them, investigating the stack for the roots of the problems and showing how programming and attention to good security practice can combat the problems that result today from lax security processes on the Internet of Things.
This book is for those interested in understanding the vulnerabilities on the Internet of Things, such as programmers whose primary focus is not the IoT, security professionals, and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things on the part of its readers. To fully appreciate the book, a limited programming background would be helpful for some of the later chapters, though the basic content is explained.
The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has managed both agile SDLC software development projects as well as technical network architecture designs. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.
Part I: Making Sense of the Hype
The hype surrounding the IoT that consumers have been subjected to over the last decade is truly astonishing. We have been told that 50 billion devices will be connected to the Internet and communicating with one another, and that they will deliver untold pleasures. An Internet of 50 billion devices all sharing data and collaborating will produce a lifestyle experience that was impossible to consider even a decade ago. We will have autonomous vehicles, drones delivering parcels, even drones as air taxis, bots answering contact centres and even the possibility of cyber-sex with virtual reality robots.
The problem is that, as consultants and security practitioners, we cannot just accept the hype and regurgitate it to our clients; we must keep an open mind and try to balance evangelism against skepticism.
So, where has the promise of the Internet of Things gone astray? After all, we were promised a new world not so long ago, a world that heralded the connectivity of devices that would make our lives so easy and fulfilling.
Did the proponents of the IoT overstate their case? Did they perhaps believe that the IoT would escalate to a disruptive level, such as the smartphone and the tablet? Perhaps they did, but we are still not seeing that through future projections, which still look optimistic.
In this section, we will consider why the IoT has not grown exponentially as predicted, and why consumers are so reluctant to embrace the technologies. After all, when we think in terms of securing the IoT, we need to understand why the public has not embraced a truly innovative array of solutions and products as they have other technologies.
Therefore, this opening chapter considers how consumers can analyze the hype and come to realistic terms with the IoT.
What the reader will learn is:
- Hype is often misconstrued through evangelists vs. skeptics
- Things are very ambiguous and dependent on the definition of IoT
- The public doesn't always know what they want or understand IoT
- Companies and media are often technologically biased in surveys
- Public surveys and results are contradictory
- Poor, unenthusing examples of the IoT are holding IoT adoption back
Chapter 1: The Consumer Internet of Things
The Internet of Things is a real enigma. Not only is it a vague term, covering all sorts of network-capable connected things, which can be anything from a light bulb to a car to a home security system; it also appears to have almost unlimited scope, bringing just about any modern consumer gadget or technical appliance under its umbrella by virtue of its very loose definition.
Here are some common definitions:
The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
From WhatIs.com:
The Internet of Things (IoT) describes the revolution already under way that is seeing a growing number of Internet-enabled devices that can network and communicate with each other and with other web-enabled gadgets. IoT refers to a state where Things (e.g. objects, environments, vehicles and clothing) will have more and more information associated with them and have the ability to sense, communicate, network and produce new information, becoming an integral part of the Internet.
By Technology Strategy Board IoT Special Interest Group
There are many more definitions of the IoT that can leave us bemused, but if we cannot agree on a definition then how can we secure it?
A Wave of Technology, or a Wave of Hype
The IoT rides on a wave of promise that its supporters claim will revolutionize our lives and the way we interact with the world, and what is more, this will happen within only the next decade or so. Indeed, depending on whom you listen to, some of the ardent IoT supporters, such as Cisco, believe the IoT will be responsible for 50 billion devices (things) being online and connected to the Internet by 2020. Cisco does have a more expansive conceptual view, in which it includes sources of data such as people, machines or even cows, in an agricultural scenario, within an Internet of Everything. There is no doubt we are seeing, and will continue to see, a significant increase in the role that sensors and other IoT devices play in industry and agriculture. But the consumer market continues to trail expectations.