The Anatomy of IoT Security

We had an opportunity to share our views on “Security in IoT” at the Messe München Electronics Show, an influential trade show and host of the International Embedded System Innovation Forum.

The following is an excerpt of the presentation given at the show.

IoT promises an ecosystem where the connected devices will share massive amounts of data. Many of these devices are becoming intelligent with ability to analyse and implement actions. However, there is a simultaneous need to secure these devices from malicious attacks. This needs the provision of robust hardware and software at the device, in the network as well as in any cloud-level servers. We expect that AI, Machine learning and, potentially, blockchain, will emerge as valuable solutions to protect IoT data. However, before that lets fact-check the current security landscape.

  • IoT cellular connection will reach one billion by 2020. However, we expect that this growth will come with some cost and potential for collateral damage.
  • We estimate that more than 80% of devices to be connected could be vulnerable. This will provide many opportunities for hackers to exploit these vulnerabilities.
  • Solving IoT security is not a destination, but a journey. Securing the four basic vertices in security (Hardware, Software, Network, and Cloud) together will be critical and can help drive sustainable, secure growth for IoT.
  • Connected Cars, Smart Healthcare and Smart Cities will be the major verticals that will expose the majority of the population quickly. Securing these three sectors will be a priority. A gross failure in any one of them could cause a significant setback for the industry.
  • It is important to recognize that cyber-crime is a business, not just a technological issue or a “system glitch”. Cyber-security is an arms race – and is often state-sponsored. The defences therefore have to be constantly reviewed and updated; what worked yesterday may not work tomorrow.
  • Malware, especially Ransomware is rising rapidly and attackers are developing new versions to counter earlier patches or solutions.
  • Malware attacks are not just limited to the online domain. For example: BlueBorne attacks via Bluetooth potentially affected over 8.2 billion devices worldwide including laptops, cars, smartphones and wearable gadgets.

Connected Car: 

  • Vehicle connectivity will rapidly become the norm. This is being driven by various factors, but by 2025 well over half of all cars sold will have at least one form of connectivity and almost all heavy-goods vehicles. This makes vehicles appealing targets for attackers and cyber-criminals. Low-level activity may include extracting personal data for onward selling. Other lines of attack may be akin to a ransomware attack where a vehicle is prevented from being unlocked or started unless a ransom is paid. At worst a car’s functions may be impaired or the vehicle incapacitated through a malicious attack with fatal consequences.
  • Approximately 30% of cars are connected through smartphone apps and apps mean easy access for cybercriminals.

IoT Healthcare:

  • The rising need for healthcare coupled with pressure to drive down costs are key issues in healthcare. There is a growing requirement for remote, home-based care, especially for chronic conditions like diabetes, and to support ageing-in-place.
  • Connected healthcare can address this situation via connected devices, monitoring and communication.
  • Data-sharing and patient monitoring between organizations can significantly enhance the quality and effectiveness of medical care.
  • The introduction of poorly secured devices creates vulnerabilities that hackers can exploit. This may again be limited to obtaining data illegitimately. It can also lead to crimes such as burglary as criminals can use data to assess when is the best time to break into someone’s home.

Smart Cities: 

  • Smart Cities will drive real-time synchronization between various applications such as smart transportation, smart buildings, environmental monitoring etc.
  • With many sensors connected to centralized monitoring and control infrastructure, all points will need to be sufficiently robust to ensure system-wide security.
  • Attacks can take the form of data theft, attacks on infrastructure such as traffic signalling or be ransom-based.


IoT devices at this point are quite vulnerable due to lack of end-to-end robust security implementations. IoT malware currently uses default credentials to gain control of devices, the easiest path. Once that door closes, self-evolution will kick-in and attackers will find other entry points. IoT malware is currently basic, but in the future, we will surely see more professional and well-funded attackers.

More collaboration like the Cyber Threat Alliance between IoT security companies to bring coordinated solutions together will be necessary. Unified offerings can fight against malware and botnets but even learn and evolve on their own.

Artificial Intelligence, machine learning, and blockchain will open doors for the Intelligent Internet of Everything (IIoE).  Neural networks able to rewrite their own code to evolve, defend and heal against “advance intelligent attacks” is on the horizon.

The comprehensive and in-depth report on “The Anatomy of IoT Security” is a part of our IoT research practice. This complimentary report is available for download here

Counterpoint research is a young and fast growing research firm covering analysis of the tech industry. Coverage areas are connected devices, digital consumer goods, software & applications and other adjacent topics. We provide syndicated research reports as well as tailored. Our seminars and workshops for companies and institutions are popular and available on demand. Consulting and customized work on the above topics is provided for high precision projects.

Term of Use and Privacy Policy

Counterpoint Technology Market Research Limited


In order to access Counterpoint Technology Market Research Limited (Company or We hereafter) Web sites, you may be asked to complete a registration form. You are required to provide contact information which is used to enhance the user experience and determine whether you are a paid subscriber or not.
Personal Information When you register on we ask you for personal information. We use this information to provide you with the best advice and highest-quality service as well as with offers that we think are relevant to you. We may also contact you regarding a Web site problem or other customer service-related issues. We do not sell, share or rent personal information about you collected on Company Web sites.

How to unsubscribe and Termination

You may request to terminate your account or unsubscribe to any email subscriptions or mailing lists at any time. In accessing and using this Website, User agrees to comply with all applicable laws and agrees not to take any action that would compromise the security or viability of this Website. The Company may terminate User’s access to this Website at any time for any reason. The terms hereunder regarding Accuracy of Information and Third Party Rights shall survive termination.

Website Content and Copyright

This Website is the property of Counterpoint and is protected by international copyright law and conventions. We grant users the right to access and use the Website, so long as such use is for internal information purposes, and User does not alter, copy, disseminate, redistribute or republish any content or feature of this Website. User acknowledges that access to and use of this Website is subject to these TERMS OF USE and any expanded access or use must be approved in writing by the Company.
– Passwords are for user’s individual use
– Passwords may not be shared with others
– Users may not store documents in shared folders.
– Users may not redistribute documents to non-users unless otherwise stated in their contract terms.

Changes or Updates to the Website

The Company reserves the right to change, update or discontinue any aspect of this Website at any time without notice. Your continued use of the Website after any such change constitutes your agreement to these TERMS OF USE, as modified.
Accuracy of Information: While the information contained on this Website has been obtained from sources believed to be reliable, We disclaims all warranties as to the accuracy, completeness or adequacy of such information. User assumes sole responsibility for the use it makes of this Website to achieve his/her intended results.

Third Party Links: This Website may contain links to other third party websites, which are provided as additional resources for the convenience of Users. We do not endorse, sponsor or accept any responsibility for these third party websites, User agrees to direct any concerns relating to these third party websites to the relevant website administrator.

Cookies and Tracking

We may monitor how you use our Web sites. It is used solely for purposes of enabling us to provide you with a personalized Web site experience.
This data may also be used in the aggregate, to identify appropriate product offerings and subscription plans.
Cookies may be set in order to identify you and determine your access privileges. Cookies are simply identifiers. You have the ability to delete cookie files from your hard disk drive.