Like any other technology, that enormous and growing area known as the Internet of Everything (IoE) did not spring into existence from out of a vacuum. While it is true to say that the electric lightbulb did not come from constant refinement of the candle, it did grow from a constant search to find more effective ways to illuminate a space.
The earliest reference I can find to something which resembles IoE as we know it today comes from a newspaper interview in 1926. Nikola Tesla is asked what he foresees after the advent of wireless. He describes “innumerable transmitters and receivers” taking care of “domestic management, heat, light and household mechanics.” He may as well have been describing my house today. The earliest wearable computer dates all the way back to 1955, a research project by Edward Thorp designed to increase the odds of winning at roulette, and the heads-up display, something we think of as very much “of our era”, originated in 1967 when Hubert Upton of Bell Labs was experimenting with technology to improve the lives of those who rely on lip-reading. Of course, the innovation doesn’t stop there, it has only accelerated year on year and will continue to do so.
While attacks on ‘smart’ or ‘connected’ devices are still not commonplace, criminals are already probing the possibilities for malfeasance offered by the new world of connected and unsecured devices. We have already seen real world attacks on digital video recorders and IP cameras among others, for Bitcoin mining and to recruit IoT devices into DDoS botnets like Mirai, Persirai and Reaper. These were no random infections as the malware in question was deliberately designed to target these devices.
"It is disheartening that in the rush to market, security is still so often an afterthought for vendors in the emerging IoE space"
We have also seen several attacks aimed at compromising home routers; these platforms offer a particularly well-placed vantage point for man-in-the-middle attacks against smart devices, negating the need to infect individual devices by placing the attacker directly in the data stream of any device behind the router.
In addition, recent proof-of-concept attacks against smart home lighting solutions, electric car management systems and Smart TVs. Unfortunately, many of these current attacks and PoCs rely on poor design or security practices by the manufacturer rather than any code-level vulnerability in weakness in operating systems or interfaces. Unless proper authentication of the integrity, provenance and validity of information can be designed into the processes, devices and decision-making of the future, we’re not just opening up a new attack vector, we’re opening up our lives, our enterprises and our homes.
It is disheartening that in the rush to market, security is still so often an afterthought for vendors in the emerging IoE space. It was 15 years ago that Bill Gates sent his celebrated ‘Trustworthy Computing’ memo to ‘Microsoft & Subsidiaries’. To quote from that famous communiqué:
“Going forward, we must develop technologies and policies that help businesses better manage ever larger networks of PCs, servers and other intelligent devices, knowing that their critical business systems are safe from harm. Systems will have to become self-managing and inherently resilient. We need to prepare now for the kind of software that will make this happen.” This has never been more true and relevant than now.