Welcome!

How to Implement Large Complex Cloud Solutions

Ed Featherston

Subscribe to Ed Featherston: eMailAlertsEmail Alerts
Get Ed Featherston via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Security Journal, Mobile Enterprise Application Platforms, Internet of Things Journal

Blog Post

Hacking and the Internet of Things | @ThingsExpo #IoT #M2M #API #RTC #InternetOfThings

Medical devices are just one of many examples of how the Internet of Things is changing the game

Hacking and the Internet of Things - It's Not Just About the Data

FDA tells hospitals to stop using a pump that is vulnerable to hackers.'.This headline was all over the internet and news this weekend, with the pump in question being a medical infusion pump that automatically administers dosages of medication to patients in a hospital. A vulnerability was identified that would give ‘hackers the ability to access the pump remotely through a hospital's network,' according to the FDA. A hacker would be able to take remote control of the device and change the dosage of medication being administered. As part of the reporting, many of the cable news shows started showing a clip from the Showtime TV show Homeland. In the episode, terrorists hack into the Vice President's pacemaker, force his heart rate to increase, and effectively assassinate him via remote control.

My wife and I had recently seen that episode while binge watching the show (yes, I know it's been on four seasons already, we are a little behind). That particular episode had hit a little close to home. In the spirit of full disclosure, I have a pacemaker which I discussed this last year in an article on Information Week ‘Internet of Things - It's All About the Ecosystem'. As we watched the episode, my wife had turned to me then and asked, "That can't really happen, can it?" At a personal level, fortunately not, as my particular device is ‘old technology' and does not connect to a network. However, I did explain that newer medical devices, being fully functioning members of the Internet of Things universe, are a different story.

It's not just about the data anymore
Medical devices are just one of many examples of how the Internet of Things is changing the game. The game I'm talking about is the hacking game. Normally, when we hear about hackers in the news, it's on a large macro scale. Huge amounts of data stolen from large corporations, or even the government, with the recent hack of the U.S. Office of Personnel where the information of over 21 million people were breached. Hackers attack a single location to retrieve large amounts of information, but the medical device risks discussed above are different. Those risks are on a micro scale, targeting an individual device, more so, targeting an individual. In this paradigm, the hacker is starting with a large amount of devices, looking for a single location.

Medical devices are not the only Internet of Things devices making news about this potential risk. Some recent examples include:

  • Baby Monitors - Baby monitors are now wireless and have webcams built in. In April of this year, two separate incidents were reported by parents of someone remotely accessing their monitors, and tracking the parent's movements in the baby's room. One couple reported hearing a man's voice saying "Wake up baby, daddy;s coming for you". (Ed, this is terrifying....)
  • Smart Cars - Cars are probably one of the bigger ‘Things' in the Internet of Things. Remote and wireless access to various features is becoming very popular. Then in July, a hacker remotely accessed a Jeep while it was traveling at 70 mph, with the drivers foreknowledge. Without the driver touching controls, air conditioning came on, radio changed stations, and a picture of the hackers appeared on the video display of the vehicle. It should be noted, Chrysler has now issued a recall of 1.4M vehicles as result of that event.

No, the sky is not falling
While some of these stories, and the possibilities they discuss can be disturbing, this is not meant to be an "The Internet of Things will be the downfall of humanity' type of discussion. I will leave that to the groups discussing things like how AI will destroy us all. I bring it up to point out that the Internet of Things is a disruptive technology. Like any disruptive technology, it can turn existing viewpoints and paradigms on their head. We need to be prepared for that. The Internet of Things is not going anywhere anytime soon. One respected industry analyst predicts that there will be 4.9 billion (with a B) connected ‘Things' by the end of this year; that is up 30% from last year. They further predict that the number of ‘Things' will exceed 25 billion in another 5 years. No matter how you view it, that's a lot of devices, in our homes, in our workplace, on our bodies.

As technologists, we need to look at security from a different perspective. We have to think about the potential hackers differently. In the old paradigm, it was protect the data, protect the boundaries of the data centers. That is still valid and needs to be done. In addition, we need to look at protecting the individual device and its functions. Hackers may no longer just target a single point to get lots of data. They may target lots of devices just to get access to individual points. Why? Motives could be many, ranging from non-malicious ‘proving they can' types of attacks, to malicious intent to cause harm. When designing and implementing security on these devices, we must look at it through both lens.

Users also need to be educated in the proper use of the devices they have. Last year for example, there was a website that made national news. They linked to over 73,000 security webcams worldwide. How were they able to do that? Each one of the cameras were still running with the default username/password they were shipped with. They effectively left the car parked, unlocked, with the keys in the ignition.

No technology negates the need for good planning and design
The Internet of Things is bringing us wonderful capabilities, services, and conveniences, some of which we may not even recognize. As with any disruptive technology, there are tradeoffs and risks associated with those conveniences. As technologists, it is up to us to help plan and design for those risks, mitigate and educate. Security in the world of technology is always a delicate balancing act between access, usability, and protection. The risks just must be understood and appropriate measures must be taken to ensure the proper balance is maintained.

This post is brought to you by The CIO Agenda.

KPMG LLP is a Delaware limited liability partnership and is the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. The views and opinions expressed herein are those of the authors and do not necessarily represent the views and opinions of KPMG LLP.

More Stories By Ed Featherston

Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.