IoT Devices: Smart, but No Seatbelt
Updated: Dec 4, 2020
With over a billion connections worldwide, IoT devices have undoubtedly made our lives easier by giving us control over tasks that we thought were impossible. However, with the growing number of devices, the increasing need for security and privacy has remained oblivious to many. With October being Cybersecurity Awareness Month, let's take a moment to look at the fantastic technology of IoT and remain aware of the threats it poses.
Once only used in technical jargon, the term Internet of Things "or IoT has come a long way to where it is now. IoT has directly influenced businesses and multiple industries, from medical and healthcare, infrastructure to automation, and even space.
In layman's terms, IoT means taking any device, or "thing, " and connecting it to the internet and other connected devices. These "things" do not generally refer to general-purpose devices like smartphones or PCs, but all out-of-the-ordinary connected physical devices such as connected coffee machines and refrigerators.
While the idea of connected devices has existed for a long time, the field has seen a meteoric rise with huge advancements in a wide range of technology domains, including sensor technology, cloud computing, machine learning, AI ubiquitous wireless connectivity. Physical things can now collect and share data with minimal human intervention. The divide between the physical world and the digital world just got even smaller!
The Big Boom in IoT
The IoT has reached our homes in smart devices and wearables and drives a digital transformation across various enterprises worldwide. IoT can fundamentally alter the operation of several industries. IoT can be divided mainly into two groups, Customer IoT (CIoT) and Industrial IoT (IIoT), which has been dubbed the fourth industrial revolution.
Although the current pandemic has forced some organizations to rethink their IoT strategies, IoT is still very much an enabler for many industries vying for a higher level of automation and connectivity. Billions of "dumb" devices can be made "smart" by connecting them to the internet, and the cost of turning a dumb device smarter is meager compared to the profits it can reap. Worldwide spending in the field has reached over $742 billion in 2020, and the figures are expected to increase soon. Tech experts have predicted that the enterprise and automotive IoT market will grow to 5.8 billion endpoints this year, with applications containing smarter systems being introduced to many sectors. The number of connected devices will soon exceed the human population, with experts predicting 1 trillion connected devices creating $11 trillion in revenue by 2025. That translates to an extraordinary 100 devices for every person!
IoT Endpoint Market by Segment, 2018-2020, Worldwide (Installed Base, Billions of Units) (Source)
A Growing Blindspot
As the IoT industry grows, the data being shared by these devices becomes more valuable. The amount of data shared by connected devices is expected to be around a whopping 79.4 zettabytes (ZB) by 2025. (One Zettabyte is approximately equal to 1000 Exabytes. To put that in context, one ZB is equivalent to about 250 billion DVDs.) The data can contain incredibly private and sensitive information about people's daily lives, and a staggering amount of the transmitted data is unencrypted.
With every new device connected, additional security hazards and privacy concerns must be addressed. However, security does not appear to be a primary concern of some IoT vendors racing to market. It may be that security is not considered a vital issue among current customers.
When someone wants to buy an IoT-connected coffee machine, the amount of power the device consumes, or the temperature ranges the device can offer are often the questions on the consumer's mind. Security is not a large part of the equation for people buying these devices, and companies seem to be taking advantage of this oversight. Building security into these devices takes time and money – two significant factors any business would like to reduce when releasing a product. The security issues in IoT bear an eerie resemblance to the same issues once faced with the earlier Bluetooth-connected devices, and it seems we haven't learned much from history. People are essentially using IoT devices with virtually no seatbelts to safeguard themselves.
The Looming Danger of an Increasing Threat Space
Not all enterprises are eager to join the IoT bandwagon yet owing to security concerns. As the line between the physical and digital world blurs, these devices' vulnerabilities can have dangerous real-life consequences. These low-cost devices can potentially serve as a gateway for accessing a billion-dollar "secure" network, as any network's security is only as strong as the weakest link.
Cyber-criminals have been able to steal information from a casino's database after gaining access to the network via a smart thermostat fitted in a fish tank. The gaping vulnerabilities exposed in IoT devices could mean hackers can hijack these devices into botnets to carry out DDOS attacks. A massive DDOS attack on a DNS provider that shut down major websites like Twitter, Spotify, Reddit was carried out with an IoT botnet, and variants of such botnet attacks have now emerged. A recent attack showed several Tenda routers were infected for over a year with hackers, allowing hackers to access them remotely.
No IT device has fool-proof security, but frequent patches and updates can reduce risk. However, because of the dynamic services IoT offers and the various devices connected, retrospective defensive updates might prove ineffective as they frequently require downtime, and some IoT devices cannot be taken offline. Instead, security and privacy must be designed from the ground-up into these devices.
However, even including security from the start is a challenge. IoT is a network of a large number of low-cost devices that are generally limited in terms of storage memory and computational power. Complex cryptographic protocols and sophisticated encryption/decryption techniques like the ones securing our PCs and smartphones might, as a result, be limited in the IoT scenario. Another challenge with IoT is that with billions of more devices connected, the environment becomes highly dynamic and diverse.
The growth in remote work during the current pandemic also adds to the difficulty. These connected personal devices in employees' homes are now often connected to the same network as corporate devices. A recent survey of organizations using this technology showed that around 72% of organizations faced an IoT-centric attack in the past 12 months. The issues were related to malware, insecure networks, and compromised credentials. Companies are still looking for new security management methods in the wake of this unprecedented threat landscape.
IoT Security: From a Patent Perspective
Filing for a patent in any domain is an arduous task, but the process is even more challenging with IoT. The very focus of IoT is the interconnectivity between various technologies, which, when considered from a patent view, could encompass several available technologies. Though the field has caught the attention of many innovators in recent years, the concept of interconnectivity between devices has existed for decades, meaning there is substantial prior art to consider that is residing in research papers and other studies.
However, this has not slowed the number of patent filings in the domain. Lumenci has performed a patent analysis in the domain, particularly of the IoT security industry. All charts are prepared from Lumenci’s analysis of patent data from Questel Orbit. The findings show that the filing trends in security have steadily increased over the past decade in various countries as seen in Figure 2 and Figure 3. More than 70% of the patents are filed in the last three years, showing worldwide market players are aware of the looming danger and are proactively looking for measures to curb the vulnerabilities. The number of IoT security patents is relatively low compared to patents in other IoT-related technology areas. Still, industry experts expect a considerable increase in the filings of security patents soon.
IoT Security Industry Patent Filing Trend (2000 - 2018)
(Source - Lumenci)
Countries with Patents in IoT Security Industry - Top 10 (with Count of Patent Families)
(Source - Lumenci)
IoT relies on high-speed wireless networks, cloud-based computing, and the extensive data analysis needed to integrate IoT devices. The top companies in these fields have identified the risks created by low-security features in these devices and have made efforts to become the top patent holders in IoT security.
As illustrated in Figure 4, semiconductors and electronic manufacturers such as Intel and Samsung are leaders in patent filings around IoT security. In addition, technology leaders in wireless networks such as Qualcomm, Cisco, Ericsson, and leading players in cloud-based computing and data analytics such as IBM and Microsoft are patenting aggressively. In some cases, the patent activity is reflected in product launches and services, such as Samsung's IoT SE (Secure Element) and IBM's X-Force services. In 2017, Cisco co-founded the IoT Trust Alliance, a consortium of 17 companies united to develop a blockchain-based secure IoT, which shows the significance that emerging technologies could have in securing IoT.
IoT Security Industry Leaders - Top 10 (with Count of Patent Families)
(Source - Lumenci)
The diverse nature of IoT means that there is no one-stop cybersecurity solution that can guarantee safety. Companies that have adopted first-to-market strategies for commercial gains instead of securing their systems will have to take a step back. Security by design must be incorporated to make the foundation secure. There is also a lack of federally-regulated security standards and protocols governing IoT devices, which only exacerbates the issue.
The use of other emerging technologies like Blockchain can help in securing the IoT systems further. Universities have also contributed to security innovations with students and faculty from Carnegie Mellon designing an "IoT privacy label" for smart devices, just like nutrition labels on food cans to help create an awareness among consumers and encourage manufacturers to disclose their privacy and security practices. We realize IoT is not without its limitations, but the way the industry rises to these challenges will be exciting to watch. To a secure Internet of Things!
Associate at Lumenci
Venkat is an Associate at Lumenci with experience in Telecom. He holds a Bachelor's degree in Electronics and Communications Engineering.