The Internet of Things (IoT) is the interconnection of everyday computerized devices linked through the Internet that enables them to send and receive data. IoT means different things to different people, and in this post we walk you through various IoT perspectives.
Brief History of the IoT
Back in 1982, the Internet was still something unknown to most people. This was the year that the very first “Internet of Things” (IoT) device went online. It was a Coca-Cola vending machine that could report back to the office how much merchandise was still available, and if the Coke was cold or not. The World Wide Web was born eight years later, when Tim Berners-Lee uploaded the very first website onto a server at the CERN particle physics laboratory in Switzerland, in 1990.
Since then, much has changed, and the term “IoT” has become a household term. One reason for this has been the massive drop in prices for SoCs (Systems on a Chip) and other microcontrollers, making it affordable to add connectivity to many appliances that, in the past, never used to connect to anything more than a power outlet. Current examples of IoT “things” are smart refrigerators, smart lighting systems, and home security cameras.
However, not all devices fall under the umbrella definition of IoT. The above-mentioned smart light bulb is certainly an IoT device, but what about others? Is a smartphone or a tablet an IoT device? What about a home router? And the definition of the term becomes most relevant when you talk about the services and products that deal with the IoT and the challenges it raises.
What Defines an IoT Device?
There are certain factors, that can qualify a device as an IoT device. These include:
Does your IoT device include one or more of the following categories?
• High volume production
• High availability in retail
• Very limited set of functions
• Low power
• Low performance
• Communication as added functionality
• Main purpose of device is something other than connectivity
• Low price and/or low re-sell margin
• Always on
Not all the above criteria have to be checked off to deem a device IoT—it all really depends on the angle from which you are looking.
A little IoT fun…
For hackers, IoT devices are an irresistible temptation. They can serve as sources for hacks and intelligence gathering, amplifiers in a DDoS attack, and even CPU sources for cryptominers.
From this perspective, the high volume, easy access, always on, and low margin aspects of a target device makes it an IoT device. The hacker can just go and buy one, or multiple devices in a store, spend months finding a hack by reverse engineering the hardware, and because of the low margin that the vendor accrues, he can be sure there will be no fixed or updated firmware by the time the hacker has identified an exploitable bug. And by this definition, home routers, smart TVs, and many smartphones are also IoT.
Enterprises also use connected devices to manage their businesses. For example, an operator of vending machines may want to know about the status of each point of sale, and how they can also offer payment methods that require connectivity. As most of these devices are connected through mobile networks, they will be directly impacted by the forthcoming 5G standard for wireless connectivity, with its low bandwidth, and low power consumption profiles for Enterprise IoT (EIoT) applications. Other examples of EIoT are sensors for environmental statistics (such as for weather and pollution), smart meters, elevators, and connected cars.
These devices are also interesting targets for hackers, but the motivation for cybercriminals to attack them is different. EIoT devices can provide a gateway into the internal networks of an enterprise, which can lead to the theft of data, credit card credentials, and the compromise of intellectual property.
Home User’s Perspective
For most home users, the Internet is for… “Facebook”! Today, most traffic on the Internet originates from smart phones, and the biggest proportion of it drains into social media. So, for most private users, the differentiator between IoT and non-IoT would be the screen connected to the device. Can I use Facebook on it? If yes, it is not IoT. If not, then it is. This means, the Network-Attached Storage (NAS) in the house, the router, the IP-Camera in the garage, the Amazon buy button, the smart home alarm system, the home automation system for heating and cooling, and your smart lighting setup—all of this is IoT. And the Smart TV? Well, not really, as it has a Facebook app already installed on it…
When using IoT, the main concern of the home user is privacy. Could my IoT device potentially spy on me?
Connectivity of the IoT at home is also very different from EIoT. Most of these home IoT devices use Wi-Fi or other short-range communication like Bluetooth or Wimax, and the connection to the Internet is then performed through the home router.
For an ISP or CSP, all the above perspectives are relevant. Compromised IoT devices fuel DDoS attacks, which can have a severe impact on the ISP backbone and reputation. Protecting against these threats is necessary to defend the ISP’s own infrastructure.
IoT is a specific business case, where the ISP can offer a unique Security as a Service (SECaaS) solution to differentiate its offering in the market from the competition.
The increasing devices connected by end users create a different and higher traffic base line. They also open new opportunities for selling SECaaS to end users in fixed line networks. Home users will want to benefit from the new possibilities, but are afraid of the risks these little electronic helpers create by exposing their home and privacy to the Internet.
Vendors of network security solutions like Allot, who have ISPs as their targeted customers, should address the above challenges with solutions tailored to specific requirements. When talking about IoT, we must be sure that they are talking about the same thing.
To summarize, we raised the question and will raise it again, and again: What is the IoT? What do you need to address the challenges and opportunities it brings? So, when talking to your designated vendor of IoT security solutions, come prepared with the right questions and definitions, what IoT means to you and your use case!