The Internet of Things (IoT) is a mass of billions of connected devices from cars to wireless wearable products. Cisco's Internet Business Solutions Group estimated 12.5 billion connected devices in existence globally as of 2010 with that number doubling to 25 billion by 2015.
In light of this burgeoning market, we identify five categories of IoT devices at risk in the coming year. CSOs who are aware of the threats and potential damage to their organisations can prepare accordingly.
Once tallied, 2013 connected car revenues should reach $21.7 billion, according to analysts from Visiongain, LTD, with 2014 revenues climbing even further. As of the New Year, Ford and GM will increasingly offer in-car WiFi, turning cars into mobile hotspots and connecting passengers' smartphones, tablets and other devices to the Internet, according to John Pescatore, Director of Emerging Trends, the SANS Institute.
But, in-car WiFi has the same security vulnerabilities as traditional WiFi hotspots. Without the firewalls present in conjunction with small business WiFi installations, in-car devices and data will be at risk. Once inside the network, an attacker can spoof (pose as) the car, connect to outside data sources such as OnStar servers and collect the owner's PII such as credit card data, explains Pescatore. That is just one example. Only the imagination can limit the kinds of attacks that become possible when a hacker owns in-car Wi-Fi, passengers' devices and the car's identity (via spoofing).
"CISOs and CSOs at organizations with people who travel the country should be worried about these vulnerabilities since hackers can use these attacks to access company information," says Jerry Irvine, CIO, Prescient Solutions.
mHealth Applications / Mobile Medical Devices
"The market for wearable wireless devices across sports, fitness and mHealth will grow from 42 million devices in 2013 to 171 million in 2018," says Jonathan Collins, Lead Analyst, ABI Research. As of 2014, hackers will increasingly attack mobile medical devices running Windows, including pacemakers, according to Rodney Joffe, Senior Technologist, Nuestar. Traditional manufacturers use proprietary embedded systems that are hard to hack due to their closed source code and restrictions. But, non-traditional device manufacturers often use a form of Windows.
"Windows is very popular for those devices because it is cheap, ubiquitous and well-known among programmers," explains Joffe. But, unlike Windows on a desktop computer, there is no patching mechanism for Windows on these devices, according to Joffe. The more these devices connect to the Internet through wireless frequencies such as WiFi, the more viruses will spread among them.
CSOs should be concerned about remote access for these devices due to the potential for malicious attacks on employees, health information leaks, and attacks on key executives in order to influence or control the financial stability of the organization, according to Irvine.
Sign up for Computerworld eNewsletters.