Grand Theft Auto. From Afar.

The Hacking of Things Risk Looms

IoT_security_lOpportunities are there for the taking across the spectrum as billions of everyday objects become connected.

Another thing has been hacked. Last week, Russian software security firm Kaspersky Lab said they found vulnerabilities in Internet-connected cars. Its researchers said that BMW’s connected autos — particularly with BMW’s ConnectedDrive system — exposed the owner to potential risks such as password harvesting and the remote unlocking of doors. BMW’s system relies on the automaker’s in-car platform, a SIM card, a mobile app, a Bluetooth or USB connection to a smartphone and cloud-based services. This provides criminals with several opportunities to find one weak point to gain access to a very high-end product.

Security concerns about the Internet of things have been making the news recently as Web cameras, baby monitors, light bulbs (see Some Light Work in Homeland Security), automobiles and even aeroplanes have become the target of hackers. Some are looking to make an ethical point or a name for themselves. Others aim to break into new businesses such as cyber security companies, which are racing to both highlight potential dangers in smart objects and to sell the cure. CCS Insight predicts that such threats could badly damage the sales and acceptance of connected things, initially preventing the success of security and control applications (see CCS Insight Predictions for 2014 and Beyond).

Any security issues uncovered in connected objects make interesting headlines owing to the current excitement about the Internet of things. These are early days for the platforms and products, so vulnerabilities remain to be exposed. A number of consumers are already wondering why their toasters, washing machines and garage doors need Internet connections, and this perception problem will only cause more confusion and concern, stretching the gap between the initial hype and mainstream roll-out.

If the current euphoria in bringing billions of connected objects to consumers causes security to take a back seat, the market could be set back by years. Companies whose business plans depend on the widespread adoption of the Internet of things would be wise to make security a fundamental part of product development plans. There’s already enough confusion in the market to stall many long-term visions.