We had an opportunity to share our views on "Security in IoT" at the Messe München Electronics Show, an influential trade show and host of the International Embedded System Innovation Forum.

The following is an excerpt of the presentation given at the show.

IoT promises an ecosystem where the connected devices will share massive amounts of data. Many of these devices are becoming intelligent with ability to analyse and implement actions. However, there is a simultaneous need to secure these devices from malicious attacks. This needs the provision of robust hardware and software at the device, in the network as well as in any cloud-level servers. We expect that AI, Machine learning and, potentially, blockchain, will emerge as valuable solutions to protect IoT data. However, before that lets fact-check the current security landscape.

• IoT cellular connection will reach one billion by 2020. However, we expect that this growth will come with some cost and potential for collateral damage.
• We estimate that more than 80% of devices to be connected could be vulnerable. This will provide many opportunities for hackers to exploit these vulnerabilities.
• Solving IoT security is not a destination, but a journey. Securing the four basic vertices in security (Hardware, Software, Network, and Cloud) together will be critical and can help drive sustainable, secure growth for IoT.
• Connected Cars, Smart Healthcare and Smart Cities will be the major verticals that will expose the majority of the population quickly. Securing these three sectors will be a priority. A gross failure in any one of them could cause a significant setback for the industry.
• It is important to recognize that cyber-crime is a business, not just a technological issue or a “system glitch”. Cyber-security is an arms race - and is often state-sponsored. The defences therefore have to be constantly reviewed and updated; what worked yesterday may not work tomorrow.
• Malware, especially Ransomware is rising rapidly and attackers are developing new versions to counter earlier patches or solutions.
• Malware attacks are not just limited to the online domain. For example: BlueBorne attacks via Bluetooth potentially affected over 8.2 billion devices worldwide including laptops, cars, smartphones and wearable gadgets.

Connected Car: 

• Vehicle connectivity will rapidly become the norm. This is being driven by various factors, but by 2025 well over half of all cars sold will have at least one form of connectivity and almost all heavy-goods vehicles. This makes vehicles appealing targets for attackers and cyber-criminals. Low-level activity may include extracting personal data for onward selling. Other lines of attack may be akin to a ransomware attack where a vehicle is prevented from being unlocked or started unless a ransom is paid. At worst a car's functions may be impaired or the vehicle incapacitated through a malicious attack with fatal consequences.
• Approximately 30% of cars are connected through smartphone apps and apps mean easy access for cybercriminals.

IoT Healthcare:

• The rising need for healthcare coupled with pressure to drive down costs are key issues in healthcare. There is a growing requirement for remote, home-based care, especially for chronic conditions like diabetes, and to support ageing-in-place.
• Connected healthcare can address this situation via connected devices, monitoring and communication.
• Data-sharing and patient monitoring between organizations can significantly enhance the quality and effectiveness of medical care.
• The introduction of poorly secured devices creates vulnerabilities that hackers can exploit. This may again be limited to obtaining data illegitimately. It can also lead to crimes such as burglary as criminals can use data to assess when is the best time to break into someone's home.

Smart Cities: 

• Smart Cities will drive real-time synchronization between various applications such as smart transportation, smart buildings, environmental monitoring etc.
• With many sensors connected to centralized monitoring and control infrastructure, all points will need to be sufficiently robust to ensure system-wide security.
• Attacks can take the form of data theft, attacks on infrastructure such as traffic signalling or be ransom-based.

Outlook

IoT devices at this point are quite vulnerable due to lack of end-to-end robust security implementations. IoT malware currently uses default credentials to gain control of devices, the easiest path. Once that door closes, self-evolution will kick-in and attackers will find other entry points. IoT malware is currently basic, but in the future, we will surely see more professional and well-funded attackers.

More collaboration like the Cyber Threat Alliance between IoT security companies to bring coordinated solutions together will be necessary. Unified offerings can fight against malware and botnets but even learn and evolve on their own.

Artificial Intelligence, machine learning, and blockchain will open doors for the Intelligent Internet of Everything (IIoE).  Neural networks able to rewrite their own code to evolve, defend and heal against “advance intelligent attacks” is on the horizon.

The comprehensive and in-depth report on "The Anatomy of IoT Security" is a part of our IoT research practice. This complimentary report is available for download here