Counterpoint is attending the IoT Tech Expo Europe on 27th September, 2023
Our Associate Director Mohit Agrawal will be attending the IoT Tech Expo Europe, 2023. You can schedule a meeting with him to discuss the latest trends in the technology, media and telecommunications sector and understand how our leading research and services can help your business.
When: September 26th – September 27th
Where: Rai, Amsterdam
About the event:
IoT Tech Expo is the leading event for IoT, Digital Twins & Enterprise Transformation, IoT Security, IoT Connectivity & Connected Devices, Smart Infrastructures & Automation, Data & Analytics and Edge Platforms. With a myriad of groundbreaking exhibits, expert-led discussions, and networking opportunities, the IoT Tech Expo is your gateway to discovering the IoT landscape.
Counterpoint Research will be joining Industry of Things World Europe as Media Partners. As part of this collaboration, our Associate Director Mohit Agrawal will be speaking about security and privacy considerations when managing IoT connectivity, and how CMPs assist in enforcing security measures. You can schedule a meeting with him to discuss the latest trends in the IoT sector and understand how our leading research and services can help your business.
What are the security and privacy considerations when managing IoT connectivity, and how do CMPs assist in enforcing security measures?
At the Industry of Things World Europe more than 450 experts, decision-makers and providers from the industry will discuss use cases and business strategies from the Industry 4.0 universe. Latest technological trends, opportunities and risks as well as direct practical examples from the manufacturing industry – the Industry of Things World is designed to evaluate and discuss your technology strategy for a scalable, secure and efficient IIoT implementation around your production & your products. Don’t miss the opportunity to meet all relevant IIoT stakeholders under one roof. We look forward to welcoming you in Berlin! Your Industry of Things World Team.
In recent times, Telit has acquired cellular IoT businesses from Thales and Mobilogix. The IoT module market has started consolidating and we expect to see a few more deals in the coming months. In August, we also saw Semtech acquiring Sierra Wireless to offer complete chip-to-cloud solutions to cover the entire IoT value chain. The back-to-back acquisitions by Telit show how it is trying to become an integrated player. With the Mobilogix acquisition, Telit can offer everything from modules, connectivity, security and a management platform to design and manufacturing services. It means Telit will act as a one-stop solution provider for its customers. Here, we will try to analyze what these acquisitions mean to Telit and how they will impact the IoT industry.
Thales is merging its cellular IoT module business into Telit to form a new entity called Telit Cinterion. Thales will own a 25% stake in the newly formed entity and offer SIM technology and security services for IoT modules.
China dominates the global cellular IoT module market by taking more than 55% share. International players are struggling to compete in the operator- and government-driven China IoT module market.
After its deal with Telit, Thales will enjoy less distraction from its module business and will be able to focus on its core business which includes software, security and services. Thales will still continue to provide eSIM services where it is a market leader.
Global Cellular IoT Module Shipments Share by Vendor, Q1 2022
The newly formed company will have a common R&D platform which will help save resources. In the coming times, we may see Telit Cinterion focusing on the IoT platform business to earn revenue on a recurring basis.
Thales has a strong position in Europe and Japan, whereas Telit has a good presence in North America and Latin America. This complementary relationship supports their dream of becoming the #1 cellular IoT player in the international market. Telit-Thales is already leading in the international IoT module market in terms of revenue. With this merger, Telit Cinterion may overtake Quectel in the international market in terms of shipments in the coming years.
Telit already divested its automotive business in 2018, but Thales has a good customer base among some European automakers. How the joint venture treats this automotive business will be keenly watched. There is ample opportunity in the automotive business with growing connected and autonomous mobility. With the introduction of 5G, Telit may focus on the automotive segment as the automotive module business contributes higher revenue due to a higher average selling price (ASP).
In recent times, Telit has done a great job launching many new modules. This helps Telit to target new regions depending on available technologies and provides an option for customers to select a product as per their requirements.
Telit moved to acquire Mobilogix, a decade-old end-to-end IoT hardware, software and cloud solution provider to fulfill its ambition of becoming a more integrated player and one of the largest end-to-end white-label solution providers outside China.
Mobilogix’s comprehensive device engineering expertise and resources, which focus on optimizing the specifications for EMS and ODMs, and attainment of regulatory approvals and carrier certification, will help Telit provide solutions to customers with reduced cost and complexity, and faster time to market.
Furthermore, Mobilogix is known for its expertise in customized IoT projects, which provide businesses with solutions in various application verticals that are ready to certify and mass produce. This will help Telit expand its focus in growing segments such as telematics, micro-mobility, healthcare, construction and agriculture.
Chinese module vendors are trying to become integrated players to capture maximum share across the IoT value chain. Telit is also trying to adopt such a model with these recent acquisitions. For example, Quectel is trying to increase its footprint in the North American market with the establishment of a new ODM company, named Ikotek. Similarly, Fibocom established a new ODM company in 2019 for global customers through applications such as gateway, payment terminal, telematics and industrial applications. Telit is slowly becoming vertically integrated and trying to revive its glory days in the IoT module market.
Solutions from the combined entity will provide a great choice for customers who want to diversify and do not want to depend on the Chinese ecosystem, and need tightly integrated solution expertise from one provider.
If Telit wants to compete head-to-head with Chinese module giants like Quectel and Fibocom, it has to develop an effective business strategy for each international market.
Mobilogix has a wide range of portfolios comprising custom IoT projects and solution design services based on three basic architectures, namely beacon, power and battery-operated architecture. Apart from this, it also offers cloud platform integration and custom firmware, which will add value to Telit’s portfolio not only from cellular but also from BLE beacon hardware designs.
Mobilogix has a global presence across key regions such as the US, China, India and Latin America. Its presence in China and emerging markets like India will help Telit grow its presence in these key regions.
Telit is becoming a more integrated player with these acquisitions and moving up the stack to become an end-to-end solution provider. The convenient and comprehensive solutions will add more value to its customers’ IoT project deployments and will be in line with its long-term vision of becoming the #1 international module player in terms of both shipments and revenue.
The acquisitions will help Telit provide solutions to customers from the design/manufacturing of hardware to cloud and security with regional diversification. This will help Telit cater to more application segments, thus improving both revenue and profitability.
However, industry experts will be keenly watching the overall positioning, offering, strategy and business model, which are changing in the IoT space: even though it is a blue ocean out there, a player needs to be large-scale and end-to-end to succeed.
Traditionally, security centered on securing network and software applications. However, as more devices get connected to the internet, and threats rise, there is an unprecedented need to secure hardware alongside the data flow from edge devices to the cloud. Hence, integrating security across all four layers (hardware, software, network, and cloud) becomes vital for a secure IoT deployment. We are already seeing this being adopted across data-centric devices such as smartphones.
What are the options to enable hardware security?
The key is to secure the hardware at the chipset (MCU/SoC) level to first secure the data flowing through the internal bus. This can be done by embedding Secure Elements (SE) such as Physical Unclonable Functions (PUFs), Trusted Platform Modules (TPMs), or Hardware Security Modules (HSMs) in the system within the devices. Further, key injection into the secure enclave/PUF, along with cryptographic key management, ensures the secure identity of the devices and creates secure tunneling for data flowing within the device and then from the device to the cloud.
How will secure hardware help Microsoft?
Microsoft is the leading end-to-end IoT platform provider globally, connecting millions of edge IoT devices across tens of thousands of enterprises to its Azure cloud via its Azure IoT platform. Microsoft has also been offering Azure Edge IoT software to enable computing and intelligent decision making at the edge. As a result, Microsoft must ensure the millions of devices running its Azure instances are not compromised and are securely connected to its cloud.
In light of this, Microsoft has been looking to build secure chips with silicon partners to create a “hardware-based root of trust”. This will help solve cloning and counterfeit issues and will also establish secure authentication with its IoT hub platform via a unique trusted identity.
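The "unique trusted identity" described above can be pictured as a fresh challenge signed by a key that never leaves the chip. The Go sketch below is an added illustration, not Microsoft's or Azure Sphere's code or protocol; it assumes an ECDSA P-256 device key whose public half the service enrolled at manufacturing, and the names Device, Verifier and dev-001 are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownDevice = errors.New("device not enrolled")
	ErrNoChallenge   = errors.New("no outstanding challenge")
	ErrBadSignature  = errors.New("signature does not match enrolled key")
)

// Device models the secure element (assumption): only its public key and signatures leave it.
type Device struct {
	ID  string
	key *ecdsa.PrivateKey
}

func NewDevice(id string) (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{ID: id, key: k}, nil
}

func (d *Device) Public() *ecdsa.PublicKey { return &d.key.PublicKey }

// digest binds a signature to a protocol label, the device ID and one nonce.
func digest(id string, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("device-attest-v1\x00" + id + "\x00"))
	h.Write(nonce)
	return h.Sum(nil)
}

func (d *Device) Respond(nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, d.key, digest(d.ID, nonce))
}

// Verifier models the cloud side: a registry of enrolled public keys and
// the one outstanding nonce per device.
type Verifier struct {
	registry map[string]*ecdsa.PublicKey // filled at manufacturing (assumption)
	pending  map[string][]byte           // nonce issued and not yet answered
}

func NewVerifier() *Verifier {
	return &Verifier{registry: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}
func (v *Verifier) Enroll(id string, pub *ecdsa.PublicKey) { v.registry[id] = pub }

// Challenge issues a fresh random nonce, but only to an enrolled identity.
func (v *Verifier) Challenge(id string) ([]byte, error) {
	if _, ok := v.registry[id]; !ok {
		return nil, ErrUnknownDevice
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[id] = nonce
	return nonce, nil
}

// Verify consumes the nonce whether or not the check passes, so a captured
// response cannot be replayed and a failed guess cannot be retried.
func (v *Verifier) Verify(id string, sig []byte) error {
	nonce, ok := v.pending[id]
	if !ok {
		return ErrNoChallenge
	}
	delete(v.pending, id)
	pub := v.registry[id] // present: Challenge only issues nonces to enrolled IDs
	if !ecdsa.VerifyASN1(pub, digest(id, nonce), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	v := NewVerifier()
	genuine, _ := NewDevice("dev-001")
	clone, _ := NewDevice("dev-001") // copies the ID, cannot copy the key
	v.Enroll(genuine.ID, genuine.Public())
	nonce, _ := v.Challenge("dev-001")
	sig, _ := genuine.Respond(nonce)
	fmt.Println("genuine:", v.Verify("dev-001", sig), "| replay:", v.Verify("dev-001", sig))
	nonce, _ = v.Challenge("dev-001")
	forged, _ := clone.Respond(nonce)
	fmt.Println("clone:", v.Verify("dev-001", forged))
}
```

A copied device ID is rejected because the clone cannot sign under the enrolled key, and a captured response is useless once its nonce has been consumed.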
To achieve this goal, back in 2018, Microsoft announced Azure Sphere to build multi-layered end-to-end security. Since then Microsoft Azure Sphere has evolved and constitutes three key elements:
Hardware: Azure Sphere embeds secure keys (public) within a secure MCU/MPU powered by its Pluton security subsystem.
Pluton includes a security processor unit with a random number generator (RNG)
Tamper and side-channel attack resistant
Other cryptography and encryption tools
Secure booting for remote attestation and certificate-based security
As an example, the MediaTek MT3620 contains an isolated security subsystem with its own Arm Cortex-M4F core that handles secure boot and secure system operation. This M4F security processor features a 128kB secured TCM and a 64kB secured mask ROM bootloader.
Software: Azure Sphere OS:
Azure Sphere OS is built on a custom Linux kernel that runs in 2.4MB of code storage and is carefully tuned for the flash and RAM footprint of the Azure Sphere MCU to reduce its attack surface.
The OS communicates with the Azure Sphere Security service in the cloud for secure device authentication, network management and application management for all outbound traffic.
It undertakes secure monitoring to protect memory, flash and other MCU resources limiting exposure.
The OS includes Microsoft-provided application runtime to restrict access to file I/O or shell access.
It also includes a high-level application platform which is signed by Microsoft Certificate Authority (CA) through a trusted pipeline to maintain all software other than the device-specific applications.
Cloud: Azure Sphere Security Service
Azure Sphere Security Service brokers trust for device-to-cloud communication, detects threats, and renews device security via CA-based authentication, failure reporting and automatic updates for the OS.
Azure Sphere in the cloud is thus embedded with a private key that enables asymmetric encryption and authenticates devices with paired public keys at the time of the manufacturing process.
Further, Azure Sentinel provides cloud security through Artificial Intelligence.
The integration of all three elements enables the hardware root of trust with asymmetric encryption. Further, it creates a secure tunnel for the secure flow of data from chip to cloud ensuring both the data security at rest and in transit.
The following chart depicts Azure Sphere running on a Guardian IoT module for a brownfield IoT deployment
Growing Partner Ecosystem:
In 2018, ST Micro’s STM32, a secure MCU embedded with a secure element, was integrated with the Azure IoT C SDK, which enables direct and secure connectivity to the Azure IoT Hub, as well as full support for Azure device management.
In mid-2019, NXP’s i.MX 8 series integrated Microsoft’s Azure Sphere security architecture and Pluton Security Subsystem.
MediaTek MT3620 is Azure Sphere ready
At the end of 2019, Qualcomm’s 9205 LTE multimode modem supporting both LTE-M / NB-IoT was integrated with Microsoft’s Azure Sphere.
Avnet and qiio offer Avnet Guardian 100 and qiio q200 Guardian (add-on) modules for retrofitting on existing brownfield devices which lack connectivity and security but need to be connected to the Internet.
Other modules include Avnet AES-MS-MT3620, AI-Link WF-M620-RSC1 and USI Wi-Fi module with Bluetooth option.
With this approach, Microsoft is building a highly scalable and secure approach to onboard, manage and connect IoT devices and ensure the data is securely transmitted from device to cloud. This eliminates the need for most IoT customers to hire expensive security professionals.
Case Study: Starbucks
Starbucks has deployed Azure Sphere across its stores in North America. Each Starbucks store has around ten to twelve pieces of equipment that are operational for more than fifteen hours a day and need to be connected to the cloud for beverage-related data (10 to 12 data points worth 5MB generated per beverage), asset monitoring and predictive maintenance to avoid disruptions. This is important because any equipment breakdown directly affects the store’s performance and business, and leads to customer dissatisfaction. Starbucks has therefore been using Azure Sphere guardian modules, deployed with the help of Microsoft, across all its brownfield equipment to securely connect to the cloud and aggregate the data there.
Chip-to-Cloud Security is the Gold Standard
Security and privacy are global concerns around IoT, irrespective of country. Security is one of the major roadblocks for IoT. However, in the past two years, we have seen the adoption of chip-to-cloud security due to an increase in awareness of the threats and its scalable solution. The end-to-end security will be critical to the success of any future IoT deployments to protect the asset as well as the data which, in most cases, is even more valuable.
As the IoT ecosystem continues to expand, security cannot be neglected. This is especially true for devices that gather and store personal data. And while securing every computing system is almost impossible, service providers need to add a layer of security to thwart most attacks. There are four layers of security – hardware, software, network and cloud. But what challenges do companies face during deployment?
In this episode of “The Counterpoint Podcast” host and VP of Research, Peter Richardson and Research Analyst Satyajit Sinha discuss “The Future of IoT Security” with our guest, Kumi Thiruchelvam, CCO, Crypto Quantique. The discussion isn’t just limited to IoT Security, but we’ve also touched upon topics like Quantum Tunneling.
2018 was the year of realisation for all players in the IoT ecosystem, including consumers, that security cannot be neglected. This is especially the case for devices that gather and store personal data. Both data security and data privacy will take center stage in 2019. After GDPR, we expect the US will also introduce unified regulations to protect citizens’ data. India is also introducing similar legislation in its IDPR.
Advanced IoT security tools such as Blockchain and AI are capable of securing data at rest and data in flow respectively. However, 2019 will see a slow transition from traditional to advanced IoT security tools with a niche adoption rate.
We expect a significant increase in overall investment and capital expenses in IoT security industry towards securing IoT products, platforms, the cloud, and services.
The following are the top 10 trends and predictions for 2019:
Threat Escalation in 2019
Collaboration and more partnership among hackers and cybercriminals: Hackers have been categorized into different groups such as traditional hackers, ideological hackers, state-sponsored attackers and hackers-for-hire. Going forward we expect these groups will start to overlap and eventually collaborate for ease of operation. Furthermore, we also expect to see some strategic alliances among these groups of hackers which will take advantage of each other’s products and services.
Attack-as-a-service (AaaS): Malware-as-a-service and Ransomware-as-a-service are not new concepts. Their adoption was very niche but highly successful. In 2019, we are expecting malware, specifically ransomware, to increasingly use the remote desktop protocol as an entry point for infection. Furthermore, hackers may create and sell pre-attack packages of malware, exploits, botnets, and other services, which will give cybercriminals the option to choose various off-the-shelf products. Irrespective of cybercriminal experience, they can easily launch attacks with these pre-attack packages.
ML as the next weapon: In the past few years, we have seen malware using evasion techniques to bypass machine learning engines. One of the recent examples from 2018 was PyLocky ransomware that used InnoSetup to package the malware and avoid machine learning detection. Hence, bypassing machine learning is already on the criminal to-do list. By the end of 2019, we expect hackers to leverage advanced machine learning tools to automate target selection by exploring and exploiting the vulnerabilities to find less secure systems.
Data theft is the new cash-cow for Hackers: 2018 had landmark examples of the biggest data breaches in the history of mankind, such as Facebook (87+ Million), MyHeritage (92 Million), Under Armour (150 Million), and allegedly 1.1 Billion records from the Aadhaar Program (India’s unique identity mission project). In the past few years, both digital transformation and IoT have pushed more corporate and personal data to the cloud. In 2019, we expect a significant increase in data breaches, especially at the cloud level.
Smart home devices and edge devices will be more vulnerable to attack in 2019: Smart home devices are easy targets to attack and deploy ransomware as they record and store personal data and are, generally, less well protected. Furthermore, edge devices are equipped with limited resources, mostly running on elementary operating systems. Hence, these IoT edge devices are unable to provide any self-defence features, such as the creation of a secure zone to protect stored data and embedded software. Edge devices were found to be vulnerable to sync attacks, false data injection, passive attacks, and malicious nodes.
Security Solution to Secure IoT Ecosystem in 2019
Collaboration and more partnerships among cybersecurity solution providers: Cyber Threat Alliance is one of the best examples of these collaborations that formed to improve the cybersecurity of the global digital ecosystem. These collaborations bring unique resources that bundle the talents and skills of IoT security companies to bring their best solutions together to create more concerted offerings that can not only fight back against malware and botnets but even learn and evolve.
Multi-factor authentication and device identity intelligence: Identity is a fundamental component in securing IoT. Secure identification between the device and human or vice versa was one of the past hurdles. Securing identity between device-to-device interactions and avoiding malicious duplicity is the key to securing IoT in 2019. The identity model has shifted from user-centric in traditional IT systems to machine-centric for IoT systems. Furthermore, multifactor authentication and identity intelligence by complementing each other will become the preferred methods to provide IoT security in 2019.
ML as Shield: In the last year, the adoption of machine learning in IoT security has increased significantly. Currently, machine learning solutions are often used to monitor activity and act if unusual behaviors are detected. Moreover, machine learning will not only process and analyse data much quicker than traditional tools but also will provide predictive analysis of threats and attacks. This means that breach detection times can be reduced significantly, minimizing the potential disruption. It also means that the information security team can prioritize work more effectively. However, the scope for AI will go beyond monitoring user activity on the system. AI as an IoT security tool will not reach its full potential in 2019, but its use will accelerate.
Chip to cloud, security embedded in hardware: We have already seen the adoption of IoT hardware security features such as hardware security modules (HSM), Physical Unclonable Function (PUF) and TPM 2.0 (Trusted Platform Module). However, embedding security at the MCU-level to create a secure zone that can extend from the chip to the cloud level by integrating players from both ends of the IoT value chain was one of the most promising solutions. Security at the MCU-level will help solve cloning and counterfeit issues and will also establish secure authentication along with a unique identity. Semiconductor players like Microchip, NXP, Renesas, Cypress, STMicroelectronics, and Texas Instruments have already launched different versions of this product type.
Increasing demand for security personnel in governments and private sector: GDPR ensured that all organizations directly or indirectly involved with data management concerning EU citizens are obliged to comply with the regulations, irrespective of where they are based. This has created a ripple effect of demand for skilled security personnel among both government and private sector which, in turn, has resulted in increased organizational budgeting for staff and training on data protection. We expect this trend to multiply in 2019.
Data protection is a hot topic, especially after the Facebook and Equifax debacles. However, it has always been the subject of serious attention by enterprise security executives and compliance officers.
The Facebook and Cambridge Analytica scandal is a good example of the consequences of mis-utilisation of data and also reminds us of the need for strong data regulation laws rather than self-regulation or guidelines. The dilemma of government control vs. private control on public data has always been a matter of debate and will continue to be so. However, GDPR will bring a multitude of checks and a control on organisations who are responsible for holding public data.
GDPR (General Data Protection Regulation) will play a crucial role for both the organisation and consumer by helping restore the faith lost in organisations that use personal data. It means implementing strict rules for organisations and backs this up with potentially serious consequences in cases of noncompliance and violation. GDPR compliance demands more than basic data-loss prevention or just post-data-loss reporting. It also demands that organisations set pre-defined protocols and precautionary measures to prevent data-loss in the first place. It also advises organisations on using predictive tools to anticipate attacks and take appropriate action against the exploitation of potential vulnerabilities.
GDPR enforcement: When and on Whom?
Starting 25th May 2018, GDPR will be enforced on all organisations who have offices operating in the European Union (EU), do business in countries in the EU, even if based elsewhere, or firms that are directly or indirectly involved with data management concerning EU citizens. Basically, all organisations that are involved in processing, storing, or transmitting personal data of EU citizens will be obliged to comply with GDPR irrespective of where they are based.
In addition, this regulation replaces Data Protection Directive 95/46/EC and adds various clauses, checkpoints which are far stricter than earlier Data Protection Directives.
It also broadens the definition of data protection and the type of data that is regulated to include genetic, medical, economic, cultural, and social data.
GDPR will evaluate data protection and the overall level of security to determine whether the organisation is covered by the GDPR regulation.
Key GDPR challenges
Key challenges with the new GDPR regulations:
Under GDPR, regulations are complex, with close to 500 requirements that will affect governance and cyber-security.
It is mandatory for organisations to notify authorities within 72 hours of becoming aware of any breach. This demands better data breach detection and fast response capabilities. However, many organisations are currently struggling to identify and investigate data breaches within the given time frame, which leads to visibility gaps that delay investigations. Also, non-standardised processes and lack of efficient analytics to detect anomalies further impact the time frame.
Implementation of GDPR must start from the initial development stage of applications. It will be mandatory for all developers to add an extra layer, to test for vulnerabilities, as application vulnerabilities could lead to accidental or unintentional data loss. Application developers need to reconsider risk and privacy during the design process, and security professionals need to find better ways to protect applications in use today.
Fines for violations under GDPR, enforced across 28 different EU countries, will be up to €20 million or 4 percent of the company’s worldwide annual revenue, whichever is greater. Hence, small-scale companies will be concerned about potential fines in case of violations. In addition, penalties have been discussed separately in the GDPR, which also include:
Penalties for noncompliance of customer consent clause.
Penalties for noncompliance of maintenance of records.
Penalties also apply to both controllers¹ and processors². Hence, cloud providers are not exempt as they can be data processors.
The adoption of these regulations will not only increase the overall data management and cloud services costs to organisation, but can also increase things like the IoT services cost per device, which, up until this point, have been relatively low. Chinese global players especially will need to ensure IoT modules are embedded with keys (hardware security) to ensure authentication and strong cloud security.
Consumer Consent: A lawsuit against Vizio for snooping on users’ viewing habits was settled for only $2.2 million. However, under GDPR, the penalties and implications of such scenarios will be far higher.
Starting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio went one step further and retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without informing consumers or getting their consent.
Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. Vizio also identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts which contributed to as many as 100 billion data points each day from millions of TVs.
Vizio sold the consumers’ viewing histories to advertisers and personal viewing habits to content providers. The company even provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home-ownership. Vizio allowed these companies to track and target its consumers across devices.
Vizio had to pay $2.2 million to settle a lawsuit, which alleged that the company was secretly collecting user data and selling it to third parties.
Were this case to have been in the EU and under GDPR, the penalties would have been more severe.
Source: Federal Trade Commission v. Vizio Inc. (No. 2:17-cv-00758) 2017
What does GDPR bring to the table?
IoT applications and solutions will generate huge data, some of which can be personal data. The sustainable growth of the IoT ecosystem will depend on securing this data. The implementation of GDPR will play a crucial role in the smooth growth of the IoT ecosystem.
GDPR is changing the level of awareness on customer data protection and increasing accountability on collecting customer data. It is also boosting confidence within the consumer community and the reputation of the organisation.
Standardisation of security policies, with a strictness on data protection practices, will lead to organisations’ preparedness with requirements and preparation for core-business plans. However, the major goal of GDPR is not only to provide “ready to use” guidelines for the organisation, but also to keep day-to-day checks on the organisation to ensure that they opt for notification of data loss over the good press.
The race to digitalise has already pushed many organisations to adopt cloud-based data management. However, most of this data is either stored without encryption or lacks multi-factor authentication for access to cloud services. After the GDPR implementation, all these organisations will be accountable not only in case of loss of data, but also for their protocols and methodology of data protection.
GDPR will not only develop a governance framework for the program and assist with technology implementation activities, but it will also become a marketing and advertising buzzword for cyber-security solution providers.
Data use has the power to potentially change the viewpoint of a nation and influence personal choices that go beyond the concern of privacy. Going forward, data will be among the most valuable assets and its protection will be mandatory. The rate of attacks for data acquisition will always tend to increase. However, regulations like GDPR ensure that organisations will pay attention to security. Together with GDPR and other compliance regulations, governments and industry authorities, such as the National Institute of Standards and Technology (NIST), are stepping up to enforce privacy, safety and security regulations on IoT manufacturers. Moreover, the enforcement of GDPR has already created a ripple effect across the world, for example, China’s Personal Information Security Specification has already been implemented from 1st May 2018 and the formulation of India’s Data Protection regulation law is already in motion.
The industry is analysing advantages and disadvantages of GDPR. However, we believe it will push organisations to add an extra level of security, which some considered an unnecessary expense. The major changes in terms of organisational budgeting of data security and staff training on data protection will be mandatory. Overall, GDPR will keep organisations on their toes – the potential costs of getting it wrong have just become much greater.
1 Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2 Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
We had an opportunity to share our views on “Security in IoT” at the Messe München Electronics Show, an influential trade show and host of the International Embedded System Innovation Forum.
The following is an excerpt of the presentation given at the show.
IoT promises an ecosystem where connected devices will share massive amounts of data. Many of these devices are becoming intelligent, with the ability to analyse and implement actions. However, there is a simultaneous need to secure these devices from malicious attacks. This requires robust hardware and software at the device, in the network and in any cloud-level servers. We expect that AI, machine learning and, potentially, blockchain will emerge as valuable solutions to protect IoT data. However, before that, let’s fact-check the current security landscape.
We estimate that more than 80% of devices to be connected could be vulnerable. This will provide many opportunities for hackers to exploit these vulnerabilities.
Solving IoT security is not a destination, but a journey. Securing the four basic vertices in security (Hardware, Software, Network, and Cloud) together will be critical and can help drive sustainable, secure growth for IoT.
Connected Cars, Smart Healthcare and Smart Cities will be the major verticals that will expose the majority of the population quickly. Securing these three sectors will be a priority. A gross failure in any one of them could cause a significant setback for the industry.
It is important to recognize that cyber-crime is a business, not just a technological issue or a “system glitch”. Cyber-security is an arms race – and is often state-sponsored. The defences therefore have to be constantly reviewed and updated; what worked yesterday may not work tomorrow.
Malware, especially ransomware, is rising rapidly, and attackers are developing new versions to counter earlier patches or solutions.
Malware attacks are not limited to the online domain. For example, BlueBorne attacks via Bluetooth potentially affected over 8.2 billion devices worldwide, including laptops, cars, smartphones and wearable gadgets.
Vehicle connectivity will rapidly become the norm. This is being driven by various factors, but by 2025 well over half of all cars sold will have at least one form of connectivity, as will almost all heavy-goods vehicles. This makes vehicles appealing targets for attackers and cyber-criminals. Low-level activity may include extracting personal data for onward selling. Other lines of attack may be akin to a ransomware attack, where a vehicle is prevented from being unlocked or started unless a ransom is paid. At worst, a car’s functions may be impaired or the vehicle incapacitated through a malicious attack, with fatal consequences.
The rising need for healthcare and the pressure to drive down costs are key issues in healthcare. There is a growing requirement for remote, home-based care, especially for chronic conditions like diabetes, and to support ageing-in-place.
Connected healthcare can address this situation via connected devices, monitoring and communication.
Data-sharing and patient monitoring between organizations can significantly enhance the quality and effectiveness of medical care.
The introduction of poorly secured devices creates vulnerabilities that hackers can exploit. This may again be limited to obtaining data illegitimately. It can also lead to crimes such as burglary, as criminals can use data to assess the best time to break into someone’s home.
Smart Cities will drive real-time synchronization between various applications such as smart transportation, smart buildings, environmental monitoring etc.
With many sensors connected to centralized monitoring and control infrastructure, all points will need to be sufficiently robust to ensure system-wide security.
Attacks can take the form of data theft or attacks on infrastructure such as traffic signalling, or they can be ransom-based.
IoT devices at this point are quite vulnerable due to the lack of robust end-to-end security implementations. IoT malware currently uses default credentials to gain control of devices, the easiest path. Once that door closes, self-evolution will kick in and attackers will find other entry points. IoT malware is currently basic, but in the future, we will surely see more professional and well-funded attackers.
More collaboration between IoT security companies, like the Cyber Threat Alliance, will be necessary to bring coordinated solutions together. Unified offerings can not only fight against malware and botnets but even learn and evolve on their own.
Artificial intelligence, machine learning, and blockchain will open doors for the Intelligent Internet of Everything (IIoE). Neural networks able to rewrite their own code to evolve, defend and heal against “advance intelligent attacks” are on the horizon.
The comprehensive and in-depth report on “The Anatomy of IoT Security” is a part of our IoT research practice. This complimentary report is available for download here.
Counterpoint Research will join hands with the Messe München Electronic Show, one of the most influential exhibitions in the global electronic devices & components industry, to host the International Embedded System Innovation Forum on 15 Mar at the Shanghai New International Expo Center.
Counterpoint analysts and industry leaders from ARM, Qualcomm, Bosch and other reputable enterprises will attend and share with audiences the most cutting-edge technological developments in the Industrial IoT (IIoT) & IoT security field.