IoT - “The uprise and risks”

in #engineering7 years ago

IoT - “The Uprise and Risks”




First time poster here, do not bite please :)


Today I am going to write about IoT (Internet of Things) it’s uprise and the risks it features. But also a bit about a general idea of certain implementations which of some are already used by some companies! Feel free to leave suggestions, corrections and feedback (negative feedback is more than welcome, I am always looking to improve!). Happy reading!


Internet of Things, what is it?


The IoT can be seen as a huge network of devices that are connected and transmit & receive data over the internet. This network can include anything from a smart home solution, your security camera, car, smart plant watering system, … IoT will surely take a big part in Industry 4.0 and our daily life.



[Source]

In the manufacturing sector they have several names for the “generation” of the industry where they are at, the illustration above illustrates the changes nicely. But how can IoT help the manufacturing sector?

It is rather simple actually, an example could be that sensors can be used to easily collect data of the machines which can be fed into AI (Artificial Intelligence) and then predict when maintenance has to be done of certain machines before it actually breaks down which can save a lot of time. The process can also include ERP (Enterprise Resource Planning) systems to e.g order spare parts automatically for the maintenance. Another quick example would be AR (Augmented Reality) that marks out the path an employee has to work, it could also show guidelines, information in real time… A quick example is shown below.



[Source]


The Uprise



[Source]

As we can observe in the above graph from Statista, they predict a whopping 23.14 billion devices by the end of this year (2018) and 30.73 devices by 2020… But why this uprise? Well, the consumer electronics market is growing by a lot and so is the technologic uprise in the industrial sectors. A lot of people are starting to purchase cool toys like smart home systems, security cameras etc… The industry is also in need of sensors and remote devices (see Industry 4.0)

But nearly 31 devices by 2020 is a lot and if we want to connect this through our traditional IPv4 protocol then, you might have guessed it… we do not even have enough IPv4 addresses (theoretically) to provide 15% of all those devices an unique IP address. (However it is true that not every device has its own public IP address in reality but this still forms a big issue!)

This all forms a big issue - if we were to use the newer protocol, IPv6, we would have more than enough addresses for a while - as the theoretical maximum is 2^128 or 3.4 e^38 addresses… However that this is a whole other topic I find it worth pointing out that IPv6 is still not widely used, we are still under a 25% adoption rate according to the statistics that Google can offers us. IPv6 is overall more scalable, less issues with NAT, better security due to proper end-to-end connectivity and more!



[Source]

As a side note: the theoretical maximum amount of IPv4 addresses is equal to 2^32 as an IPv4 is a 32-bit IP address. This gives us roughly more than 4 billion IP addresses (4,294,967,296). This is theoretical because every subnet has a network & broadcast address, there are reserved private IP subnets, reserved subnets for multicast, point to point connections, … Compare the 4,294,967,296 to the 340,282,366,920,938,000,000,000,000,000,000,000,000 addresses… and you might figure out the importance of IPv6 and IoT. (However it should be noted that IPv6 is a bit more complex at the moment in terms of allocation according to the RFCs https://tools.ietf.org/html/rfc3633#section-5.1, https://tools.ietf.org/html/rfc6204#section-4.3, https://tools.ietf.org/html/rfc6177)



[Source]


The Big Security Risks


Since every device is exposed to the internet it can be rather vulnerable. A great example from 2017 could be the 120,000+ IoT cameras that were vulnerable to the Persirai botnet, http://www.zdnet.com/article/120000-iot-cameras-vulnerable-to-new-persirai-botnet-say-researchers/. The cameras were hijacked and used to send out DDoS attacks without the owners of such cameras being aware of what is going on… But why are IoT devices such a big security risk? Simply because some devices are manufactured rather cheaply and do not get any future updates or support anymore after their support (just like a lot of phones, you can be lucky with a year of updates or so and then we are talking about phones). Big IoT devices such as smart home solutions that are developed by big names would not suffer that greatly (in theory) about updates but there is still the risk - your device is possibly open and ready to be abused by someone else… And would you really like someone being able to see through your cameras? Listen along in yours house? (Apart from governments of course ;))

Some notable IoT hacking incidents are things like the Wi-Fi baby heart monitor, https://www.theregister.co.uk/2016/10/13/possibly_worst_iot_security_failure_yet/, Mirai (Dyn Attack), http://www.telegraph.co.uk/technology/2016/10/24/hackers-used-hijacked-webcams-to-bring-down-internet/, the hacked jeep, https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/.

Another big fear are Meltdown & Spectre, our wonderful Christmas gift, as pretty much every CPU is vulnerable to this exploit… A lot of CPU would either need to be replaced or microcode needs to be patched and both are costly processes and a lot of things will not get any updates at all because of unaware users and possible no updates at all if the device aged a fair bit... If you have not heard about Meltdown & Spectre yet then I highly suggest you come under your rock and take a look at https://meltdownattack.com/.


Sources


https://en.wikipedia.org/wiki/Industry_4.0
https://www.i-scoop.eu/industry-40-virtual-reality-vr-augmented-reality-ar-trends/
https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/
https://en.wikipedia.org/wiki/Reserved_IP_addresses
https://www.google.com/intl/
en/ipv6/statistics.html#tab=ipv6-adoption&tab=ipv6-adoption
https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption&tab=per-country-ipv6-adoption
https://iot6.eu/ipv6_for_iot
http://www.zdnet.com/article/120000-iot-cameras-vulnerable-to-new-persirai-botnet-say-researchers/