Gartner: IoT breaches may result in physical damage. People safety becomes the primary goal

CISOs need to protect the integrity of Internet of Things (IoT) devices and employ “adaptive trust”, Gartner’s research director Dionisio Zumerle says in a recent interview.

“Digital businesses and the IoT may seem distant from certain enterprise scenarios; in reality, they are not”, Zumerle says. “For example, commercial car sharing implementations leverage smartphone apps as car smart keys, while headless ATMs can deliver money via the customer’s smartphone app.”

According to Gartner’s research director, from a security standpoint, the scale of these interactions can reveal more vulnerabilities and demand caution. In the past year, for example, more than 3.4 million vehicles had to be patched for security vulnerabilities that impacted passenger safety. The fears over the risks of interconnectivity are such, he adds, that China has forbidden its armed forces from using internet-connected wearable technologies.

“The traditional model of information security prioritizes the confidentiality, integrity and availability of information. However, as digital business blurs the digital and physical worlds, digital breaches result in physical damage. As a result, the safety of environments and individuals becomes the primary goal”, Zumerle comments.

Here is a list of the main ideas Gartner’s research director has shared:

Smart devices will increasingly need autonomy to make decisions and take actions that require trust. While the recurrent revelations about pervasive surveillance and the increasing invasiveness of mobile apps have turned the security industry’s attention to confidentiality, trust in components mainly relies on integrity assurance mechanisms, not encryption.

Encrypted tunnels are of no use if the IoT devices that use them can be tampered with without leaving a trace. CISOs should pay increasing attention to integrity mechanisms and assurance when selecting IoT devices and building IoT systems.

CISOs should also contextualize their IoT approaches. Some principles will emerge, such as updateability. Take the example of the connected car: The average lifetime of a vehicle can be estimated at eight to 10 years, while a smartphone has a life expectancy of approximately two years, after which security and OS updates become infrequent or cease altogether. This situation would lead to connected cars being vulnerable to attacks for six to eight years.

Recently, researchers from Bitdefender Labs examined four Internet-connected consumer devices and found several common vulnerabilities. The analysis reveals that current authentication mechanisms of internet-connected devices can easily be bypassed to expose networks and users to privacy theft.

“The Internet of Things has the potential to infringe on basic human rights and Internet principles by collecting data with an unprecedented level of detail,” Bitdefender security specialists show in this analysis. “We can learn more about someone than ever, based on the person’s intentional disclosure of eating habits, location, lifestyle, etc. as well as via metadata. And although fragmented data sources seem harmless, by aggregating them, cyber-criminals can create an invasive digital portrait of a person. The IoT expands the reach of surveillance and tracking, leaving users with few or no options to customize privacy settings or control what happens to their data.”

About the author

Răzvan MUREȘAN

A former business journalist, Razvan is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship. He enjoys taking innovative approaches to hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and the internet makes us even less informed than we think. Lack of relevance is the main issue in today's environment, so he plans to emphasize real news on hotforsecurity.com.

1 Comment

  • I totally agree with this. IoT devices are getting popular these days; wherever we look, new IoT-integrated gadgets are coming out. But most of the time people forget that, though these devices give ease, at the same time they are vulnerable to the cyber-attacks which keep happening these days.

    Recently some attacks came out which not only infect and take control over a system, but the authority over these devices is also sold on the dark web through bidding, so it's possible with IoT devices also. So it's obvious what a big problem it will become if these devices get hacked.

    The main concern comes in because these devices are even capable of operating things which were hard to imagine: they are used in cars, the medical line, and now even airlines are planning to introduce services related to IoT. The biggest drawback we have already seen is a car getting hacked remotely through the dashboard, so if it's done it does become life-threatening; the same applies to medical devices, and even home security devices are integrated, which says a lot about how much damage can be done physically as well. The worst part is that these devices also collect a lot of user information, which can be misused once the device gets compromised.