Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
Author: Nitesh Dhanjani
Publisher: O’Reilly Media
Whether you like it or not, the Internet of Things is happening. As the author himself noted in a recent interview, some – arguably, too many – people think they don’t have to worry about the security implications of IoT because they believe that living in a traditional world of disconnected devices will continue to be an option. That particular future looks increasingly unlikely, and this is why we simply must start seriously addressing the problem. This book paints a clear picture of the current situation, and what we can learn from it in order to create a safer future for all of us.
About the author
Nitesh Dhanjani is a well-known security researcher, author, and speaker. He is currently Executive Director, Cybersecurity, at Ernst & Young, where he advises C-suite executives at the largest Fortune 100 corporations on how to establish and execute complex multimillion-dollar cybersecurity programs.
Inside the book
We all learn best by making mistakes, although learning from the mistakes of others is the ideal we should all aspire to. The author obviously thinks so too, and in the first six chapters of the book he describes past and current consumer-grade IoT solutions such as wireless lightbulbs (Philips Hue personal lighting system), electronic locks (Onity HT, Z-Wave-enabled door locks), baby monitors (Foscam, Belkin WeMo Baby), smart televisions (Samsung SmartTVs), connected cars (Ford, Tesla S), and hubs for “smart things”.
He picks several popular products in each category, explains how they work (in much detail, but never tediously), and then points out the vulnerabilities that have been found by researchers and in some cases exploited by attackers in real-world attacks.
He also shows time and again how the interoperability and interconnectivity of various IoT devices and platforms can lead to unexpected problems.
These design failures and security flaws should be considered by all those who aim to create better, more secure IoT solutions, and clearly point the developers in the right direction. If you are one of those people, this book is a must read for you, even if you have already read about some of these examples as various researchers released the findings of their own research into the matter through the years.
Security researchers who want to delve into IoT security and find vulnerabilities will also gain much knowledge from this book. Unfortunately, so will potential attackers. But that’s the way the world works, and one of the reasons why security should be implemented in IoT devices from the get-go.
Chapter 7 introduces the littleBits platform for prototyping IoT devices and the cloudBits module to construct a simple solution. The goal of this chapter is to simulate the process that companies go through when creating a new device, and to think through how security can be embedded (and added as needed).
Chapter 8 looks into the future, and introduces the various threats to IoT devices we already see looming: backdoors, thingbots, the overabundance of (potentially sensitive) data provided by the devices, cloud infrastructure attacks, speech recording and recognition, and more.
The book ends with a fantastic chapter that outlines two scenarios that show, specifically, how important the right people are in bringing about secure IoT solutions and, ultimately, success to the company creating and selling them.
The author has a knack for succinctly summarizing the problems that still remain to be solved, and he picked great examples to explain why they exist. All in all, the book is really engaging, and a fantastic primer on both IoT security and its importance. Hopefully, it will inspire many to bring about some much-needed changes in IoT design.