Secure IoT robots – before it’s too late
Smart technology has made it easier for people to know what’s happening inside their homes and take control of things like heating and cooling, electricity consumption and entertainment options. But before we knew it, we created mini data centers in our homes—ones that don’t have system administrators to worry about such as configurations and security controls. And with more devices incorporating machine learning and AI, the necessary security measures need to be in place. Failure to do so and our homes will become a hotbed for cyber attacks and a danger to ourselves.
The current state of connected devices presents a major threat to consumers due to a lack of security in place to defend against cyberattacks and without realising, these devices have sprung into our homes. Computers, white goods, TVs and game consoles have or are being developed to connect to IoT. Now, robot devices have found their way into our homes with the attraction to make human lives more efficient. However, robots present an extreme danger to the public if security is not properly addressed. Many manufacturers and developers are too preoccupied by sales, and rush to get their products to market, with security left as an afterthought. Security should be implemented at the development stages of the production lifecycle otherwise, if robots continue to lack the necessary security, they will become a danger to human life.
Hackers and security researchers have all infiltrated devices which have led to some chilling outcomes. For example, researchers were able to hack into a popular house robot and program it to wield a screwdriver and stab violently at a tomato. This exploit is an example of how potentially calamitous the scenario could get should a robot be hacked, especially in a home setting. If on the manufacturing line a hacker could configure new code to adjust certain measurements or rule for the robot, the final product could be compromised and this would potentially endanger the consumer.
In the home setting all smart devices, including robotic devices, are connected to the home router, which is the online equivalent of your front door. It represents a critical way-in for hackers due to it being the central hub that connects almost every device in the home. No homeowner would leave their physical front door open but the same cannot be said for the home router, which is being left exposed, unprotected and open to attack. The gravity of the issue is escalated further as its being estimated that by 2022, a typical family home will contain more than 500 smart home devices, making the home a very attractive target to attackers who want to infiltrate the devices and data.
What needs to be understood by consumers and manufactures alike, is that it’s not just about the data that can be stolen from connected devices – it’s about how these can be hijacked in volume and directed at one target, which could be an innocent human. From causing extreme internet service outages to becoming deadly weapons with catastrophic outcomes, the consequence of IoT security not being taken seriously is a very real and tangible problem. That is why the time is now to start taking measures to secure these devices at the most basic level: the hardware.
When it comes to securing IoT in the home, people can take a number of actions to improve security:
Open source – an end to proprietary security by obscurity and instead a 100% “Darwinist” focus on quality, usability and robustness. Code is becoming increasingly complex so let’s get as many eyes on it as possible. And open standards could overcome the dearth of connectivity expertise in the industry.
Secure boot – ensure IoT systems will only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. It needs to match on the other side with a public key or certificate which is hard-coded into the device, anchoring the “Root of Trust” into the hardware to make it tamper proof.
Hardware-assisted virtualisation – this will containerise each software element, keeping critical components safe, secure and isolated from the rest and preventing lateral movement. Secure inter-process communication will allow instructions to travel across this secure separation in a strictly controlled mode. This approach improves on current binary approaches where applications are either trusted or untrusted at a processor level, allowing for as many independent, secure guests as possible.
The arrival of IoT and AI robotic devices into our lives is not a surprise, but users need to take more responsibility for the security in our connected homes until the industry as a whole steps up its security game. The prpl Smart Home Security report shows that a significant amount of users would pay a premium for more secure devices, but until manufacturers make this more of a reality by implementing the above best practice – the user does have to accept a large portion of this responsibility. By implementing the above advice, manufacturers can take some of the most dangerous security issues, helping to protect the user from the risk of personal data theft, fraud or worse.