The risks of cybersecurity are more complex than ever. Due to the rise of the Internet of Things (IoT) and Artificial Intelligence (AI), by 2020 every person will generate 1.7 megabytes of information per second. As new technologies evolve, cyber criminals adapt and discover new hacking methods to apprehend sensitive data. AI and IoT have the potential to revolutionise society, but what happens when these new technologies are weaponized by cyber criminals?
Unless hardware-based endpoint security solutions are implemented in IoT and AI devices, users leave themselves vulnerable to cyberattacks. Anyone in control of one or more of these devices can access a huge number of computers and networks. Banks, governments, the healthcare industry and even private homes are major risk fields, and cybercriminals are very much aware that the more devices that are interlinked, the more data there is that can be compromised.
About the author
Aaron McIntosh, Marketing Work Group Chair at Trusted Computing Group (TCG).
AI was created to use machine learning (ML) to go beyond the capabilities of a human and see patterns that humans cannot perceive. It is also able to evolve to realize patterns that humans haven’t even programmed them to process. Looking at data in completely new ways opens up so many possibilities but consequently it also opens the door to numerous risks because the dangers of cybersecurity are not properly considered when manufacturing IoT and AI devices.
Financial institutions
Mobile devices, payment cards and payment information are all being made available to platforms (such as Google) and automated devices (like Amazon’s Alexa) that can be used to buy your groceries in the age of smart homes. The appeal of having this information stored on these platforms and devices is the convenience it brings to everyday life; however, the reality is that a lot of people do not really know what is happening to their data. How much can we really have faith in these devices? For manufacturers, the main focus with these devices is customer experience and usability, and as a result, it is not clear how much technology is being focused on securing these devices to protect the people that are using them and their data.
Furthermore, mobile banking apps that are provided by financial institutions learn people’s patterns such as when and where they purchase items. They also have the ability to detect patterns outside your standard weekly operations and use this to create data profiles of an individual person. Banking apps often have much more security than other IoT and AI devices and have built-in fraud alerts, but there is so much data available that there is an incentive for third parties to dedicate time and effort to attempt to gain access and manipulate this data and by extension, banking networks and financial institutions.
Healthcare
With technology in the healthcare industry, the risks are concentrated on a much more individual level. A lot of devices are embedded-type devices that can be found in or on the human body, such as pacemakers or transfusion devices. Despite the intelligent healthcare technology that these devices provide, they are at risk of malware as a result of the low-level cybersecurity that is installed on them. This means that the data stored is vulnerable to being read by a third party and being pulled from the devices. To prevent this, devices need to have a level of trust built into them so that people can prevent intrusion and unauthorized access, which ultimately could result in a life or death situation such as, where a hacker could access a pacemaker and deactivate it or deliberately cause it to malfunction.
Smart homes
Smart homes are bringing more technology to items that a few decades ago would have seemed impossible or absurd: fridges, kettles, lightbulbs, doorbells and so much more! As with online banking, the appeal is to make everyday life operate more smoothly and allow individuals to focus their attention elsewhere. The key to smart home devices is their ability to predict a person’s needs and their daily patterns, which they do by tracking the person’s interaction with the device and recording it. The recorded data is communicated to a server, but if this communication link is not secure then it becomes an easy route for hackers to get into your home. Similarly, if the data stored within the server or database is not encrypted, it is at risk of a breach.
Whilst the idea of your fridge being hacked seems almost amusing, the reality of the danger goes far beyond a hacker knowing how many eggs you eat. Access to your data and all of your other connected devices gives a hacker a way into your home that can cause serious security issues. A lot of these devices are so small that embedding a Trusted Platform Module (TPM) is not a priority for a vendor due to it not being cost-effective, but this decision ultimately affects the consumer in the long term.
Automotive
There has been a huge increase in putting IoT devices in vehicles over recent years, which has brought with it an encouragement for people to subscribe to the idea of monitoring how they drive through a device. Significantly, these have been linked to insurance providers that allow customers to install devices that report data back and reduce insurance fees if driving within a certain set of parameters. However, the cybersecurity risks of devices such as these can have an effect at both a consumer and corporate level, whether the device is a hard-wired black box, a self-installed plug-in that fits into the vehicles onboard diagnostics port (OBD-II dongle) or a mobile app that collects data through the consumers smartphone.
Once a vehicle is connected to the internet, a connection between the insurance provider and vehicle is created, exposing vehicles to hackers. OBD-II dongles can provide remote access to vehicles that can cause serious personal damage, such as through de-activating a car’s brakes. On a larger scale, the insurance provider’s servers that receive the data can also be a target. Potentially, hackers can gain access to the back-end systems and launch remote attacks on entire vehicle fleets. Finally, if networks are not properly segmented, hackers can gain access to insurance provider’s networks that could breach huge amounts of personal data.
Vehicle manufacturers are also increasing the amount of smart systems that are installed in new models. These systems allow the vehicle access to an individual’s phone, contacts, cameras and all other data associated with ‘smart life’. This information is all fed back to the manufacturer and its servers. If a car is sold without the data being properly cleaned, it will stay stored in cloud storage. This opens up a whole range of security risks, such as previous owners having access to cars that are being used by different people, allowing remote access to the car’s functionality as well as the new user’s data. This similarly applies to smart homes: if you sell your home, have the datasets and user credentials been wiped? If these devices are not properly encrypted from the outset and then wiped after each user, it exposes individuals to a huge number of cybersecurity risks.
Cybersecurity in 2020
As we start 2020, there needs to be a significant increase in security on IoT and AI devices from the point of manufacturing, providing security all the way from purchasing and beyond. If a single device does not provide adequate security to prevent cyberattacks, the entire network of that device is immediately exposed. Fixing these weaknesses will provide protection on an individual, corporate and national scale.
