There was a time when the only device you had connected to your network was a PC. Then laptops with a wireless connection came along, and after that smartphones and tablets.
But the connected revolution hasn’t ended there – Gartner estimate that currently 5.5 million new ‘things’ (devices from toasters and kettles to cars and hospital equipment) are being connected to the internet every single day, which will total 6.4 billion by the end of the year.
That figure is up from 3.8 billion in 2014 and 5 billion in 2015, and is expected to rise to over 20 billion Internet of Things (IoT) devices connected to the web in 2020.
Automating systems by connecting them to the internet sounds like a good idea in theory, but it also risks creating a huge security headache, security researchers warn.
“IoT devices are coming in with security flaws which were out-of-date ten years ago you wouldn’t dream of seeing on a modern PC,” says James Lyne, global head of security research at Sophos.
The only reason these flaws aren’t being exploited right now is that hackers currently have little interest, even though these devices are “trivial” to attack, he said. But don’t get too comfortable.
“Very soon, we’re likely to see a big breach. It’s quite probable that some really shiny, cool, new product is going to come along in the next year which will see massive adoption by consumers and enterprises. When that happens, I think attacker interest will rise,” he continued, adding “the speed of that market means we’re building up to that moment.”
Lyne isn’t the only one who believes a big IoT security breach is coming: cybersecurity expert Bruce Schneier also fears that one is coming sooner rather than later – and that connected cars could be a particularly dangerous target.
“When you start thinking about a car, you quickly realise the integrity and vulnerability threats are much worse than confidentiality threats and there’s real risks to life and property here,” he said, speaking at the recent InfoSecurity Europe conference in London.
It would be bad if someone used the systems in a connected car to carry out surveillance on the driver or passengers, he said: “But it’d be really bad if they could disable the brakes. It’d be really bad – and it’ll happen in a year or two – when someone figures out how to apply ransomware to the CPUs of cars. That’s not going to be fun, but as long as there are computers it’ll happen”.
It’s not just a headache for consumers: an infected IoT device on a corporate network could potentially be a doorway for hackers.
“Maybe that wireless kettle isn’t an interesting target, but if it helps you see across to the PC where all the goodies are, that matters,” says Lyne at Sophos.