LAS VEGAS — ITEXPO — One of the hot technology buzzwords these days is “M2M” — for Machine to Machine Internet connectivity, also known as the Internet of Things. But as people get excited about the prospects of M2M and machines talking to one another, there is growing concern about the security threats.
This is the tradeoff of pervasive networking: The more networked you are, the more security threats there are. In a panel here on Wednesday, Jeffrey O. Smith, Chief Technology Officer (CTO) for Numerex, an M2M technology company based in Dallas, Texas., pointed out to a host of scary security threats as the matrix of connectivity increases between humans and machines.
In theory, M2M connectivity will bring us real-world benefits — such as the ability to control your appliances from your office. But it’s also got scary implications, such as somebody hijacking your dishwasher — or worse.
Here are some of the scarier scenarios: Actual M2M security breaches in the real world, some of which Smith outlined in his talk:
The hacker’s in the toilet. A fancy Japanese Satis toilet has been hacked. The networked toilet is coming. Your private place in the bathroom may never seem safe again.
The bunny is spying on you. A Karotz robotic bunny toy has multiple vulnerabilities, according to several security databases. This means it can be taken over via its wireless and sensor systems, turning your furry robotic friend into a household spy.
I can start your Subaru. In 2011, a Subaru’s remote-start system was hacked in a demonstration. At the Black Hat annual security conference, a group showed they could unlock and start a Subaru Outback via text messages from their Android phones.
GPS (Global Positioning System) spoofing. The IEEE has published some research showing how a group of graduate students used “GPS spoofing” to take over a boat’s navigation system and steer the boat by sending it fake GPS data
“SQL Injection.” Hackers have the ability to collect lots of data using SQL injection (SQL is a database standard), a technique in which wireless technology is used inject a fake Internet Protocol (IP) packet into the middle of transmission to fool the database into giving it information about usernames and passwords.
Photocopier threats. Smith gave an example of how compression errors can change digital images taken in by copiers. But it can go further than that — imagine hackers being able to gain access to a networked copier in order to manipulate or steal sensitive data.
The ultimate M2M hacking tool? Smith made reference to a hacking tool which is essentially an Internet spider that crawls around looking for security holes in thousands of machines connected to the Internet. This tool exists, says Smith
In summary, Smith pointed out that in an increasingly networked world, the potential for security breaches is unlimited. He said the important thing is for technologies and consumers to be aware of these risks in M2M.
“We need to be aware of the things that can happen,” said Smith. “We need to make sure M2M security and privacy is right-sized; we need to be knowledgable but not paranoid, but we can’t be naive either. Your cellphone is not secure.”