A tremendous amount of attention has been lavished on machine-to-machine (M2M) communications. One of its great selling points is its ubiquity. It holds the promise of burrowing into the nooks and crannies of everyday life and providing communications affecting a massive number of mundane uses. It’s a terrific time and labor saver – if things go according to plan.
Believe it or not – and I know this is shocking – things don’t always go according to Hoyle. M2M, if compromised, can turn those rote procedures and promises into real headaches. The Internet of Things can turn into the Internet of Troubles.
PCWorld reported on a study by IOActive that claimed to have found “a host” of vulnerabilities in sensors that leave them open to radio-borne attacks from as far as 40 miles away. The researchers said that sensors from three major wireless automation system vendors, which communicate in the 900 MHz and 2.4 GHz bands, had a number of problems:
For example, they found some families of sensors shipped with identical cryptographic keys. It means that several companies may be using devices that all share the same keys, putting them at a greater risk of attack if a key is compromised.
The researchers, Lucas Apa and Carlos Mario Penagos, will present their findings at the Black Hat conference in Las Vegas. They found it possible to do such things as modify readings and disable sensors, the story said.
In a story at ZDNet early this year, Michael Lee tracked efforts to protect the integrity of M2M communications. One particularly troublesome issue is that sensors generally run on limited batteries. The goal of a distributed denial of service (DDoS) attack is to take the device out of service by forcing it to field all of the incoming requests. This will be done even more quickly if the demand kills the sensor’s battery.
Frost & Sullivan suggests that a holistic approach is necessary for M2M to be safe. The firm said that there are layers of security in various elements of the M2M chain that observers feel are adequate for today’s requirements, but that a deeper layer of security will be necessary as the uses of M2M evolve.
On the other side of the equation, M2M – when the system itself is free of malware and other problems – can be a great boost to security. Government Security News’ Markus Breitbach cites the use of M2M in a networked security camera installation as an example of the value of the technology:
An M2M-based surveillance solution saves security professionals from the consuming and often incomplete task of manually evaluating data and images captured by networked cameras. With M2M-enabled devices loaded with software, these smarter cameras can analyze images and process relevant data -- and can even contact security professionals over a mobile network by sending a text message to alert in a security intrusion event.
The two issues, of course, are different: One deals with the security of M2M itself, the other with how the technology can be harnessed for security applications. The bottom line, though, is that both suggest the deep connection of M2M with everyday activities. M2M will be a key to maintaining security or, if misused, disrupting it. These outcomes, good and bad, will happen without human intervention. Great care must be taken to directly design and deploy this technology.