Welcome!

@ThingsExpo Authors: Carmen Gonzalez, Elizabeth White, Pat Romanski, Liz McMillan, Zakia Bouachraoui

Related Topics: @ThingsExpo, Mobile IoT, Cloud Security

@ThingsExpo: Blog Post

Hacking and the Internet of Things | @ThingsExpo #IoT #M2M #API #RTC #InternetOfThings

Medical devices are just one of many examples of how the Internet of Things is changing the game

Hacking and the Internet of Things - It's Not Just About the Data

FDA tells hospitals to stop using a pump that is vulnerable to hackers.'.This headline was all over the internet and news this weekend, with the pump in question being a medical infusion pump that automatically administers dosages of medication to patients in a hospital. A vulnerability was identified that would give ‘hackers the ability to access the pump remotely through a hospital's network,' according to the FDA. A hacker would be able to take remote control of the device and change the dosage of medication being administered. As part of the reporting, many of the cable news shows started showing a clip from the Showtime TV show Homeland. In the episode, terrorists hack into the Vice President's pacemaker, force his heart rate to increase, and effectively assassinate him via remote control.

My wife and I had recently seen that episode while binge watching the show (yes, I know it's been on four seasons already, we are a little behind). That particular episode had hit a little close to home. In the spirit of full disclosure, I have a pacemaker which I discussed this last year in an article on Information Week ‘Internet of Things - It's All About the Ecosystem'. As we watched the episode, my wife had turned to me then and asked, "That can't really happen, can it?" At a personal level, fortunately not, as my particular device is ‘old technology' and does not connect to a network. However, I did explain that newer medical devices, being fully functioning members of the Internet of Things universe, are a different story.

It's not just about the data anymore
Medical devices are just one of many examples of how the Internet of Things is changing the game. The game I'm talking about is the hacking game. Normally, when we hear about hackers in the news, it's on a large macro scale. Huge amounts of data stolen from large corporations, or even the government, with the recent hack of the U.S. Office of Personnel where the information of over 21 million people were breached. Hackers attack a single location to retrieve large amounts of information, but the medical device risks discussed above are different. Those risks are on a micro scale, targeting an individual device, more so, targeting an individual. In this paradigm, the hacker is starting with a large amount of devices, looking for a single location.

Medical devices are not the only Internet of Things devices making news about this potential risk. Some recent examples include:

  • Baby Monitors - Baby monitors are now wireless and have webcams built in. In April of this year, two separate incidents were reported by parents of someone remotely accessing their monitors, and tracking the parent's movements in the baby's room. One couple reported hearing a man's voice saying "Wake up baby, daddy;s coming for you". (Ed, this is terrifying....)
  • Smart Cars - Cars are probably one of the bigger ‘Things' in the Internet of Things. Remote and wireless access to various features is becoming very popular. Then in July, a hacker remotely accessed a Jeep while it was traveling at 70 mph, with the drivers foreknowledge. Without the driver touching controls, air conditioning came on, radio changed stations, and a picture of the hackers appeared on the video display of the vehicle. It should be noted, Chrysler has now issued a recall of 1.4M vehicles as result of that event.

No, the sky is not falling
While some of these stories, and the possibilities they discuss can be disturbing, this is not meant to be an "The Internet of Things will be the downfall of humanity' type of discussion. I will leave that to the groups discussing things like how AI will destroy us all. I bring it up to point out that the Internet of Things is a disruptive technology. Like any disruptive technology, it can turn existing viewpoints and paradigms on their head. We need to be prepared for that. The Internet of Things is not going anywhere anytime soon. One respected industry analyst predicts that there will be 4.9 billion (with a B) connected ‘Things' by the end of this year; that is up 30% from last year. They further predict that the number of ‘Things' will exceed 25 billion in another 5 years. No matter how you view it, that's a lot of devices, in our homes, in our workplace, on our bodies.

As technologists, we need to look at security from a different perspective. We have to think about the potential hackers differently. In the old paradigm, it was protect the data, protect the boundaries of the data centers. That is still valid and needs to be done. In addition, we need to look at protecting the individual device and its functions. Hackers may no longer just target a single point to get lots of data. They may target lots of devices just to get access to individual points. Why? Motives could be many, ranging from non-malicious ‘proving they can' types of attacks, to malicious intent to cause harm. When designing and implementing security on these devices, we must look at it through both lens.

Users also need to be educated in the proper use of the devices they have. Last year for example, there was a website that made national news. They linked to over 73,000 security webcams worldwide. How were they able to do that? Each one of the cameras were still running with the default username/password they were shipped with. They effectively left the car parked, unlocked, with the keys in the ignition.

No technology negates the need for good planning and design
The Internet of Things is bringing us wonderful capabilities, services, and conveniences, some of which we may not even recognize. As with any disruptive technology, there are tradeoffs and risks associated with those conveniences. As technologists, it is up to us to help plan and design for those risks, mitigate and educate. Security in the world of technology is always a delicate balancing act between access, usability, and protection. The risks just must be understood and appropriate measures must be taken to ensure the proper balance is maintained.

This post is brought to you by The CIO Agenda.

KPMG LLP is a Delaware limited liability partnership and is the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. The views and opinions expressed herein are those of the authors and do not necessarily represent the views and opinions of KPMG LLP.

More Stories By Ed Featherston

Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Never mind that we might not know what the future holds for cryptocurrencies and how much values will fluctuate or even how the process of mining a coin could cost as much as the value of the coin itself - cryptocurrency mining is a hot industry and shows no signs of slowing down. However, energy consumption to mine cryptocurrency is one of the biggest issues facing this industry. Burning huge amounts of electricity isn't incidental to cryptocurrency, it's basically embedded in the core of "mini...
The term "digital transformation" (DX) is being used by everyone for just about any company initiative that involves technology, the web, ecommerce, software, or even customer experience. While the term has certainly turned into a buzzword with a lot of hype, the transition to a more connected, digital world is real and comes with real challenges. In his opening keynote, Four Essentials To Become DX Hero Status Now, Jonathan Hoppe, Co-Founder and CTO of Total Uptime Technologies, shared that ...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...