The Dangers of the Internet of Things

“Security by design is a mandatory prerequisite to securing the IoT macrocosm, the Dyn attack was just a practice run.”

-James Scott, Institute for Critical Infrastructure Technology

Introduction

With the advent of the Internet of Things in every facet of our existence, our lives have never been better. It has become an important hub, promising a “smarter life” by establishing communications between different embedded systems and people. The Internet of Things represents a system consisting of many different kinds of sensors, used alone or combined together to establish connections between one’s self and the surrounding environment. This new technology is pushing the world towards a more connected state; however, we must not disregard the security hazards that come along with it. The incredible number of connected devices presents numerous points where a malicious attacker may enter one’s system. If these devices are compromised, we may see the greatest leakage of personal and private information in our existence. Although the technology’s purpose seems harmless enough, we must acknowledge the future danger that hackers will be able to invade one’s private life through our expansive usage of and dependence on the Internet of Things.

Background

Before delving into the dangers that come along with the dependence on the Internet of Things (IoT), one must first understand what these devices are and what they do for us.

Sometimes referred to as the Internet of Objects, IoTs promise to bring about a technological revolution to the entire world by connecting many objects together in a seamless experience. Clearly, the Internet has made a monumental impact on communications, business, science, education, and humanity as well, by connecting people from the farthest of places. With the IoTs, the Internet will be further utilized as a means of communications between numerous objects.

Each object should be able to identify itself and develop intelligence through the information the objects communicate among themselves. This ideology will help create new technologies and applications to provide services ranging from notifications and entertainment to automation and security. In fact, it is projected that by 2020, tens of billions of devices will be connected to the Internet and 50% of all new businesses will rely on IoTs.

With so many devices on the way, a clear outline was designed such that all devices should be able to communicate with one another. The framework through which these devices communicate with one another, established by IBM, is known as the Open Systems Interconnection (OSI) model. This describes a stack of seven protocol layers, compared to the four used by the TCP/IP model. From the first layer to the last, the layers are Physical, Data Link, Network, Transport, Session, Presentation, and Application. The first two, Physical and Data Link, are concerned with how each device is physically connected to the network via hardware. Network defines how routers deliver packets of data between source and destination hosts, while Transport focuses on end-to-end communication and provides features including reliability, congestion avoidance, and guarantees that packets will be delivered in the same order they were sent. The remaining three layers cover the application-level messaging (e.g., HTTP/S).

Furthermore, there are various methods of communication that the IoT network technologies utilize. Each technology has its own advantages and disadvantages; however, the most widely used approaches are currently cellular, Wi-Fi, and Ethernet. These are mainly aimed at providing low-power, low-cost, and long-range connections (with the exception of Wi-Fi, which does, however, provide the highest data throughput of all the current approaches). Additionally, they are often used in large-scale deployments in businesses or education. Other mechanisms include BLE (Bluetooth Low Energy), ZigBee, NFC, and RFID. As these newer designs are improved and optimized, they are planned to supersede the older methods, as they will provide higher bandwidth while using significantly less power.

As simple as their purpose may be, there is much more complexity behind IoTs than what a normal consumer realizes. This complexity is important, however, because it is how malicious attackers will exploit security flaws.

Current Problems

With the heavy adoption of IoTs throughout all parts of life, hackers have found more and more loopholes through which to steal one’s information. The need to provide security for IoT infrastructure is of dire importance. A combination of security flaws, non-updateable software, and ignorant programming all lead to possibilities of huge breaches from the inside. Additionally, IoT devices are generally able to access multiple administrative domains, and gaining that access would allow attacks to become much more widespread and uncontainable. These devices are appealing because they essentially provide an unguarded entrance towards one’s private information without having to go through the front door.

Oftentimes, corporate greed and ignorance are at fault for security breaches found within IoT appliances. For example, the micro-controller within the device will often run on older or much simpler software. This is to keep profit margins as high as possible, as the process to mass-produce becomes cheaper and less complex. For example, software in routers was found to be running on Linux operating systems that, on average, were four years old from the time the product was initially released. Whether patches during that time were already incorporated is unknown, as is whether further flaws within that version of the operating system were found post-release. Hackers can easily infiltrate one’s system because of an outdated and unsafe operating system. Another problem is figuring out how to update products. A common question that we should be asking is how a computer-chip company such as Broadcom or Qualcomm plans on updating the billions of chips within IoT devices. Unfortunately, these companies have chosen to turn a blind eye and begin working on the next updated model rather than keeping their older products usable. The problem with this process is that there is no incentive or ability to update software once it has been mass-produced and released to the public. It also leaves older devices more susceptible to attacks, as attackers can target flaws not found before. Furthermore, to make matters worse, oftentimes components will not use all of the source code, and those holes are filled with “binary blobs,” or indiscernible binary code. The result is that companies are shipping out half-baked devices to consumers that can do just what is advertised and that’s about it.

Additional means of exploitation include taking advantage of the risks and vulnerabilities of a certain language. For example, hackers may be able to take advantage of a C-based device via buffer overflow. This occurs because nothing in C is range-checked by default, so it becomes very easy to overflow a buffer. The result of a “buffer overflow” is that it may change the address that a function returns to. Another example is writing too few characters into a buffer. The problem here is that C will continue processing, possibly expecting another byte or null terminator. This could result in outputting more information or hitting protected memory for a DoS attack. Simple code reviews and analysis before shipping would easily solve these problems, but companies often forgo this in order to expedite the process.
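The two C failure modes described above (input too long for the buffer, and input that arrives without a null terminator) can both be caught with explicit range checks. The following is an added example, not code from the original article; the function name copy_field, the status codes, and the sample fields are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK, COPY_TOO_LONG, COPY_UNTERMINATED, COPY_BAD_ARG };

/* Copy a string out of an untrusted field of src_len bytes into dst.
 * Unlike strcpy(), both the read and the write are range-checked. */
enum copy_status copy_field(char *dst, size_t dst_size,
                            const unsigned char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    dst[0] = '\0';          /* dst is a valid empty string on every error path */

    /* "Too few characters" case: search for the terminator only inside
     * the bytes that were actually received, never past them. */
    const unsigned char *nul = memchr(src, '\0', src_len);
    if (nul == NULL)
        return COPY_UNTERMINATED;

    /* Overflow case: refuse input that does not fit, terminator included. */
    size_t len = (size_t)(nul - src);
    if (len >= dst_size)
        return COPY_TOO_LONG;

    memcpy(dst, src, len + 1);
    return COPY_OK;
}

int main(void)
{
    char name[8];
    /* Constructed sample fields, as a device might read them off the wire. */
    const unsigned char fits[] = "cam1";
    const unsigned char big[]  = "thermostat-livingroom";
    const unsigned char raw[4] = { 'A', 'B', 'C', 'D' };    /* no terminator */

    printf("fits: %d\n", (int)copy_field(name, sizeof name, fits, sizeof fits));
    printf("big:  %d\n", (int)copy_field(name, sizeof name, big, sizeof big));
    printf("raw:  %d\n", (int)copy_field(name, sizeof name, raw, sizeof raw));
    return 0;
}
```

Rejecting the oversized field instead of silently truncating it keeps a cut-off device name or credential from being treated as valid input.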

Lastly, hackers are often as good with social engineering as they are with computers. Hackers will rely on human interaction and trick people into breaking normal security procedures. The data obtained from the interaction is then used to access private systems and/or additional data.

Pressure must be put upon companies so that they do not take the easy way out. Meanwhile, consumers should be informed and alerted when security flaws and patches are released. With the possibility of 20-50 billion IoTs expected to flood consumers’ homes and businesses by 2020, the need for security has never been greater.

Preventing Future IoT Attacks

Although the Internet of Things may promise a life of ease, the increasing adoption and integration of these devices into our lives and infrastructure bring many vulnerabilities as well. Despite all the problems current IoTs face in terms of security, there are still some things that consumers can do to protect themselves. For instance, one can ensure that all their smart devices have all their security features enabled and use secure passwords on them as well. Those who are more technologically adept can also enable all security features on all devices, close unused ports on devices and routers, and utilize encryption for all networks.

Conclusion

As long as this problem is ignored, attacks are only going to become more dangerous and fixing devices will become more expensive. Paying this cost now, through better software engineering and facilitation, is much cheaper than paying the cost of a possible security disaster. Nevertheless, this rapid deployment and installation of IoTs will require much effort from both companies and consumers to tackle and create solutions for the dangers that come along with it.


Robert F. Christy

“I was an unusual theorist in that my greatest strength was… seeing how theory and experiment related.”

©Philosophy of Science Portal

Introduction

Born on May 14, 1916, the great Canadian-American physicist Robert Frederick Christy was a major player in the development of the atomic bombs. His service as a theoretical physicist during the Manhattan Project would lead to the successful creation of a working plutonium-based atomic bomb.

Early Life

Robert Christy’s humble beginnings started as an orphan in Vancouver. However, his life would soon turn towards the better when he received the Governor General’s Gold Medal at age 16. This allowed him to skip the remainder of high school to attend the University of British Columbia as a sophomore. Within 3 years, he would complete his Bachelor’s degree in physics and, in an additional 2 years, his Master’s in Physics and Mathematics. Afterwards, he traveled to the University of California at Berkeley, where he met Robert J Oppenheimer, the leading theoretical physicist at the time. Working under Oppenheimer as a graduate student, Christy would receive his doctoral degree in 1941 and be immediately hired as a physics professor at the Illinois Institute of Technology. During the fall of that year, he was invited to join the Manhattan Project and work with Enrico Fermi to build the first nuclear reactor. By the winter of 1942, they had succeeded in creating Chicago Pile-1, the world’s first working nuclear reactor. Finally, in 1943, Oppenheimer would invite Robert to work at the Los Alamos research center for the development of the atomic bombs.

Manhattan Project

Under Hans Bethe, the head of the Theoretical Division in Los Alamos, Robert Christy’s first role was to aid in the development of an aqueous homogeneous reactor. This would test critical mass calculations and the effect of various tamper materials, with a strong emphasis on enriched uranium. Robert would help regain confidence within the Theoretical Division when his prediction of enriched uranium’s critical mass had a mere 1.7% error.

His key contribution, however, was the development of the Christy Pit. The previous design of the plutonium-based bomb could not deal with jets and spalling during the bomb’s drop as they would cause the hollow sphere of plutonium to change shape and prevent the nuclear blast. Robert Christy had an ingenious idea to use an ultraconservative design; he proposed using an almost solid sphere of plutonium slightly less than critical mass, with a small central cavity holding an “initiator” to supply neutrons to get the fission reaction started. When compressed hard enough, the atoms would be forced close enough to achieve critical mass, triggering the chain reaction and nuclear blast. His design would be used in “The Gadget” during the Trinity Bomb Test and in the “Fat Man” bomb during the Nagasaki bombing.

After the War

After the war, Christy would return to the University of Chicago where he became an assistant professor of physics. Soon after, however, he was invited to join the faculty at Caltech in 1946 by Oppenheimer. He turned his research towards astrophysics, where he assisted in creating some of the first computational models of stellar operation. Perhaps his most notable project was Project Orion, which investigated whether or not a spacecraft could be efficiently propelled by a series of controlled nuclear blasts behind the craft, a process known as nuclear pulse propulsion. For his work, he was awarded the Eddington Medal of the Royal Astronomical Society in 1967. Meanwhile, Christy would also be a major advocate against nuclear warfare. In 1945, he became one of the founding members of the Association of Los Alamos Scientists to educate the public on the peaceful uses of atomic energy. He also aided in studying the radiation effects of the Hiroshima and Nagasaki bombs. Robert would be named the vice president and provost of Caltech in 1970, and in 1977, briefly become president of Caltech for a year. He died on October 3, 2012, at the age of 96 in Pasadena, California. His work during the Manhattan Project will always be remembered for its importance in contributing invaluable information towards the development of the atom bomb.

-Timothy Lo
