Greetings, and welcome. This week, the U.S. Federal Bureau of Investigation (FBI) joins the growing concern about IoT device security. Meanwhile, scientists use IoT sensors to warn of pollution from Hawai’i’s Kilauea volcano. As always, your thoughts, reactions, and suggestions welcome. Just send a quick email to email@example.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.
FBI PSA: IoT Devices Can Enable “Malicious Cyber Activities”
What Happened: The FBI issued a public service announcement (PSA) that highlights the growing popularity of IoT devices as cyber attack vectors.
- The PSA, issued by the FBI’s Internet Crime Complaint Center (IC3), states its case pretty plainly in its all-caps headline: “CYBER ACTORS USE INTERNET OF THINGS DEVICES AS PROXIES FOR ANONYMITY AND PURSUIT OF MALICIOUS CYBER ACTIVITIES.”
- The FBI announcement also explains how and why hackers and attackers go after IoT devices. Those devices serve as “as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation.” Once compromised, those proxies “provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address.”
- That anonymity makes it “difficult to filter regular traffic from malicious traffic.” And the PSA notes that malicious traffic can be used to perform all manner of nefarious tasks, from the sending of spam emails to providing “IoT botnets to other cyber actors for financial gain.” (See “TWiTIoT: This Week in The Internet of Things – IoT Cybersecurity? What IoT Cybersecurity?”)
- The FBI added that malefactors “typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.” Examples of targeted devices include “routers, wireless radios, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices.”
What It Means: The problem of poor IoT device security, already generating significant concern worldwide, gains additional attention. Whether or how much that additional attention will help to improve IoT device security remains to be seen.
What You Should Do: The FBI PSA includes several recommendations to improve your IoT device security.
- “Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.
- “Change default usernames and passwords [wherever device features permit] to improve IoT device security.
- “Use anti-virus [software] regularly and ensure it is up to date.
- “Ensure all IoT device security is up to date and security patches are incorporated [wherever device features permit].
- “Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.
- “Isolate IoT devices from other network connections.”
In Hawai’i, Scientists Use IoT to Combat Volcanic Air Pollution
What Happened: A network of IoT sensors is enabling scientists to combat pollution from Hawai’i’s erupting Kilauea volcano.
- As the developer-focused web site DZone reported, MIT scientists have joined with Hawai’i’s Kohala Center to create “a Hawai‘i Island Vog Network that provides real-time measurements of hazardous fumes, like sulfur dioxide and particulate matter.” (“Vog” is a combination of smog and volcanic gasses.) The network’s builders “hope to learn more about the transport of pollutants in Hawaii’s atmosphere, while providing the information they find to the public through accessible means.”
- Its web site says The Kohala Center “is an independent, community-based center for research, conservation, and education. We turn research and ancestral knowledge into action, so that communities in Hawai‘i and around the world can thrive—ecologically, economically, culturally, and socially.” The MIT scientists involved are members of The Kroll Lab, where they focus on “chemistry of organic compounds in the earth’s atmosphere.”
- Kilauea, Hawai’i’s most active volcano, erupted in May. “In a month’s time, Kilauea destroyed around 700 homes, caused at least 21 fissures to emerge, and exposed residents to high levels of sulfur dioxide gas. Even today, these hazardous fumes are seething from the volcano with geologists warning that these eruptions could last for months or years to come.”
- “Typically, the Environmental Protection Agency (EPA) creates air quality stations to monitor toxins and pollutants. In the United States, each station costs about $100,000 to get up and running. However, the data they collect isn’t always easily obtainable for the general public.” In contrast, the low-powered IoT sensors of the Hawai‘i Island Vog Network “cost roughly $1,000, and there are minimal recurring costs.” “The sensors small size and cost also allow them to be deployed more widely than typical air quality monitors, which means that they capture highly localized air quality data.”
- Network connectivity means data can easily be shared with the public and researchers in other locations. MIT and Kohala Center scientists have “already partnered with local schools on the big island to weave in environmental science and data analysis into the curriculum. They will also be launching a website soon with all the information from the sensors, allowing residents to log in and check air quality easily.”
- Beyond Hawai’i, MIT scientist David Hagan is deploying IoT sensors and networks to monitor air quality in India. “According to the World Health Organization, India contains 14 of the world’s most polluted cities.” Eventually, “David hopes to gain a complete understanding of atmospheric air quality and strives to help governments mitigate air pollution effects in cities.”
What It Means: IoT technologies can enable all kinds of “real-world” benefits beyond IT. According to expertsat global business consulting powerhouse Accenture, the so-called “Industrial Internet of Things” or “IIoT” “could add $14.2 trillion to the global economy by 2030.” “Arguably the biggest driver of productivity and growth in the next decade, the Industrial Internet of Things will accelerate the reinvention of sectors that account for almost two-thirds of world output.” (See “Microsoft’s IoT R&D Commitment: The $5-Billion Tip of a Multi-Billion-Dollar Iceberg” and “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.”)
What You Should Do: If you are pursuing or considering an IoT project at your business, look for opportunities to deliver benefits beyond IT. Especially if your business is already considering or deploying smart, connected devices on the factory floor, at the warehouse loading docks, or in the kitchens and break rooms. You should also educate users about why they shouldn’t connect their fitness monitors or smart speakers to the network without at least asking first. Ensuring the security of as many IoT deployments at your business as possible may be the single most valuable IoT-related thing you can do.