antoniodiaz // Shutterstock
5 things to know about the Internet of Things
The internet of things has become a buzzword you’ve likely seen in the news over the last several years. As more people buy smartwatches, autopilot-enabled cars, smart TVs, game consoles, or even smart refrigerators, the internet of things grows in its vastness and depth, with billions of electronics online at any moment.
These rapid technological developments are enough to make your head spin as a consumer. IoT Secure demystifies the internet of things and the most common electronic devices and networks linked to it.
You can buy practically any appliance now that has been enabled with “smart technology”—generally a type of tiny transmitter, from a radio frequency identification tag to smartphones and tablets linked to cellular networks. These devices’ communications range from a simple ping verifying location to a full user interface with built-in GPS, like a smartwatch. Their defining feature is that they can not only communicate with one another, but also transmit data to a central hub like a corporation or manufacturer. Then there are devices designed for constant interaction with humans. For example, a smartwatch that records not only your exercise heart rate and calories burned, but also logs how many hours you sleep.
Read on to find answers to some of the most common questions about IoT devices. We’ll demystify the technology, as well as present some of the risks you may have heard about from linking your Alexa or home thermostat to the internet.
Friends Stock // Shutterstock
Where you find IoT devices in everyday life
In 2022, it’s hard to overstate how common it is to find devices that are part of the internet of things, or IoT. Smartwatches are the most popular IoT, with Apple shipping 31 million Apple Watches in 2019 alone. Smartwatches are usually tied to your cellular provider so it can stay online while you roam. A lot of the information they gather is the same data that you’d find being constantly collected by your smartphone.
Gaming consoles are the second most popular type of device linked to IoT, with high-speed internet connections that download new games and keep others constantly online. Smart TVs are the third most popular, as more people opt for big screens that can seamlessly stream all their favorite shows. The fourth most popular type of IoT is voice-controlled devices like Alexa, which also introduces a host of questions about privacy and security.
The fifth most popular IoT category is scanners and printers. You’ll still find many in home offices, despite smartphone camera apps more recently replacing their functions. The sixth and the most important type of IoT for home security is also the most potentially problematic for privacy: video cameras. This applies especially to cameras on laptops and tablets equipped with microphones that can detect and record conversations.
McLittle Stock // Shutterstock
How IoT devices communicate
IoT devices are all connected to the internet and designed to form systems to communicate amongst themselves as part of an interlinked network. This interconnectivity allows them to automate or remotely control different processes, like turning off lights or monitoring your backyard. IoT devices can collect and transmit information, just like almost every other electronic device.
The simplest type of IoT is radio frequency identification, or RFID, which is when devices send pings back and forth to indicate their location. Other devices grow in complexity as they use more bandwidth, transmitting continuously via Bluetooth, Wi-Fi, and cellular networks.
RossHelen // Shutterstock
The types of information IoT devices collect and transmit
IoT devices collect data for automation, like when you tell your smart thermostat what hours you’re away from home and when to warm up your bedroom. All the collected data form an impression of how you use your devices so devices can begin to forecast behavioral patterns. This can make for better predictions—as well as highly targeted marketing—that represent the highest and often controversial value captured by Amazon and other corporations that operate IoT products.
Zapp2Photo // Shutterstock
How IoT data is used
A variety of industries use IoT device data. Companies can use ongoing location data from devices like smartwatches to create profiles of users’ daily commutes, plus locations commuters are avoiding due to service outages or construction.
Logistics companies can use container RFID and GPS data to identify efficiencies and sell lower-cost shipping. Electric utilities can use consumer thermostat data to help adjust the grid for lower power consumption depending on the time of day, seasonality, and severe temperature swings. As robots and other devices integrate improved RFID technology, manufacturers hope to combine IoT with artificial intelligence to revolutionize how they measure and improve the performance of their machinery.
MONOPOLY919 // Shutterstock
Risks to your network of devices
We’ve seen the ways that IoT can improve consumer experiences and change industries, but what about the security risks? In general, the more IoT devices and networks that interact with your life, the greater the risks will be that one of them could be targeted by hackers. Despite precautions such as Wi-Fi router encryption and network password changes, there is always some possibility that hackers can intercept the data being transmitted by smart devices.
There’s also an additional risk that hackers could send false or malicious data to the devices themselves, like changing the thermostat to overheat your house, or reprogramming your onboard GPS that you use for directions. In one example of IoT security vulnerabilities, one teenage hacker recently claims to have infiltrated dozens of Tesla electric vehicles across 13 countries due to owners not safeguarding their settings.
News stories in recent years have highlighted how data gathered by worn devices and smartphones can reveal sensitive sites, protection protocols for important figures, or even military troop locations on the battlefield. In 2018 Wired and the Washington Post reported that FitBit smartwatches worn by deployed U.S. special forces personnel during workouts were a big concern for the Pentagon, after data linked to a smartwatch fitness app exposed the locations of sensitive bases in Afghanistan and Syria.
Read more articles on IoT:
Caroline Delbert
Caroline Delbert is a writer, book editor, researcher, and avid reader. She's also an enthusiast of just about everything. Her recent work has appeared in Popular Mechanics and Scientific American.
Share This Blog
faq
- Discover, track and identify IoT devices
- Safely detect IoT-specific vulnerabilities that vulnerability scanners often miss
- Summarize IoT inventory and vulnerabilities in the report
Safe on Devices: The IoT-miniTM uses a proprietary non-intrusive technique called PortSafeTM Inspection. Unlike vulnerability scanners, PortSafeTM will not interfere with devices as it discovers, identifies, and does vulnerability detection on devices.
Safe on the Network: Unlike competitve solutions, the IoT-miniTM does not use network TAP/SPAN ports, so there is no addition load on the switch to duplicate packets which can cause network performance issues. Also, the IoT-miniTM generates only a small fraction of traffic vs. network scans.
The Benefit: Now you can safely and confidently discover and vulnerability test sensitive and resource-constrained devices that are excluded from intrusive vulnerability scans, without concern of crashing devices or causing network performance issues.
The IoT-miniTM will only use locally accessible network information protocols to obtain information about local devices to be profiled. As such, no data could be used to identify or attack any customer. The data would be useless without direct access to the network, and direct access to the network would allow access to this information anyway.
The IoT-miniTM will connect to our CloudPortal® a minimum of every 5 minutes to access the updates and databases that help determine what tests to perform for a given device. There is no collection of packets or any potentially sensitive data in any way, not directly to the appliance itself or out to our CloudPortal®. Any data that is retained is stored in the geographic region of the customer’s choosing.
The IoT-miniTM will attempt to communicate with devices to assist in device profiling and vulnerability detection. This communication is minimal, a small fraction of the traffic in comparison to network scanners, and done interatively to avoid any impact to the device or network.
These measures provide assurance to our customers and partners that we will not gather or maintain any of their sensitive or protected information in our systems and that we be safe on the network and to devices.
The Internet of Things (IoT) is a general category of connected devices that do not necessarily meet the classic description of a computer and are commonly designed for a single purpose. Examples of IoT devices include medical devices, HVAC controllers, door access controllers, IP Cameras, Smart TVs, smart watches, and speakers.
Virtually every network, whether a large corporate intranet or a simple home Wi-Fi network, has IoT devices on it. Most are unknown or unmanaged devices and hard to secure, making it challenging to know what IoT is on the network, where they are, where they are communicating, and whether they are vulnerable. Traditional security tools can’t keep up, making dedicated IoT security solutions a critical piece of any enterprise security strategy.
- risky default behavior like creating open services, have hard-coded passwords or data collection and transmission on their own to other devices
- lack built-in security and security patching from the manufacturer
- can’t run endpoint agents or don’t produce logs, so they are hard to monitor
- can’t be scanned for vulnerabilities because they are resource constrained and easily crash
- create Shadow IT problems as they are easily deployed without IT oversight
- Plug in the CAT6 Ethernet cable to a working ethernet port on the network to be scanned
- Plug in the power supply
- Scan the QR code to activate the IoT-miniTM
- Wait 24 hours for the report to be delivered to your inbox
We have a limited supply of IoT-minisTM and they are currently available at no charge. The initial report is currently available free of charge. Restrictions include: 1) You must be an IT employee of a company that: a) has greater than 200 employees, or b) is a value-added reseller, or c) is a managed service provider or d) is a professional security auditor. 2) You will not use the IoT-miniTM or the information it provides for malicious purposes, or to compete in any way with IoT Secure. 3) The IoT-miniTM and any information produced by the IoT-mini must not be used for resell purposes without express, written permission by IoT Secure.
4) The IoT-miniTM is for use on corporate networks. Restrictions are subject to change without notice.
The IoT-miniTM can assess any network environment it’s connected to and activated on. If you need to test additional networks, please contact sales@iotsecure.io.
Once the IoT-mini is connected to a network and activated, it begins inspecting and identifying devices. Within 24-48 hours (depending on the size of the network), you will be contacted to schedule a report review with an engineer.
The IoT-miniTM Pro+ uses the same device as the IoT-miniTM FREE, but it is upgraded to provide automated assessments on an entire corporate network, advanced IoT inventory and vulnerability detection, device-level behavior monitoring, granular configuration options and a real-time dashboard.
The IoT-maxTM is a high capacity, full enterprise-level solution that has all the features as the IoT-miniTM Pro +, but it also provides integration of results into existing tools such as SIEM, NAC, Asset & Vulnerability Management, ITSM, etc.
Please send us an email with your questions to sales@iotsecure.io