5G Technology World

  • 5G Technology and Engineering
  • FAQs
  • Apps
  • Devices
  • IoT
  • RF
  • Radar
  • Wireless Design
  • Learn
    • 5G Videos
    • Ebooks
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Handbooks
    • 2024
    • 2023
    • 2022
    • 2021
  • Resources
    • Design Guide Library
    • EE World Digital Issues
    • Engineering Diversity & Inclusion
    • Engineering Training Days
    • LEAP Awards
  • Advertise
  • Subscribe

How Carriers Can Help Solve IoT Insecurity

By dmiyares | November 25, 2016

Through our research and work with carriers, partners, and others, AdaptiveMobile has predicted up to 80 percent of devices connected on the IoT do not have appropriate security measures in place. To put it plainly, four in five of IoT devices on the market are vulnerable to malicious activity, inadvertent attacks, and data breaches.

We are now at a point at which the expected growth in IoT connections and devices makes this lack of security a liability for consumer confidence, data safety, and the ability for the IoT to function unencumbered. Gartner reports that more than 30 billion connected devices will be in use by 2020 and that the IoT will create $1.9 trillion of economic value add. We believe a new security architecture is needed at this time and that carriers are in a unique position to provide this security.

The threats

There is a lot of hype around proof of concept threats with the IoT. However, there are actual threats and attacks that have occurred, which give us a blueprint of where the initial vulnerabilities lie. For example, hackers have accessed web cameras and home routers either to cause mischief or to prove that they could. And, German researchers were able to figure out what TV shows people were watching using data sent by smart power meters.

Unsecured IoT devices are of extreme interest to pranksters, hackers, and cybercriminals, as evidenced by Shodan, a search engine that looks for IoT devices such as webcams and makes their streams available for viewing by anyone on the internet. Shodan collects data mostly on web servers (HTTP) as well as FTP, SSH, Telnet, SNMP, SIP, and Real Time Streaming Protocol (RTSP). The latter can be used to access webcams and their video stream.

What these threats point to is that most of the consumer devices that sit on the Internet under the IoT, M2M, or Embedded Device umbrella are not designed to defend against the sophisticated hacks or threats that may attempt to compromise them.

The IoT security model

The current security model represents the characteristics of the IoT: low-cost, easily accessible, and simple to run. A typical IoT device, for example, uses cheap sensors that are low-power and inexpensive and that do not run endpoint security. IoT also relies on encryption, but often times that encryption is limited to data in transit. The end results are security vulnerabilities across a number of implementations. There are devices that have limited on-device security, leaving them open to hackers, attacks, or data leaks. Other industrial IoT implementations have good security for data in transit but do not have the same level of protection at the end points.

Some worst-case scenarios in the current model of IoT security include tampering with home appliances, such as a thermostat or a fridge; turning off or impeding the function of medical devices; and shutting down connection to depend on the consumer to maintain updates or change the very basic provided passwords to ensure better security, even though relying on consumer involvement for security has proven ineffectual in the past.

The logical solution would be to add in better security at the device level. Many in the security industry see the best option as having security “baked in” from the very beginning with hardened firmware and certificate management owned by someone other than that consumer. Adding to either the device complexity or services provided would sacrifice the low cost of the IoT devices and services, and this lower cost is a key component for the IoT’s success.

The solution

There will be billions of devices connected through IoT – many unable to run traditional endpoint security. Even more concerning is that there are no clear “owners” for security, given that the IoT involves devices, services, and connections—the vendors associated with any of these could be deemed to be the proper owner of IoT security.

What is needed now is a fresh look at security that involves action at the manufacturer’s level while also designing a security plan that will include carrier involvement and would detect threats at scale.

The first step will be having manufacturers making security a priority. IoT security is complex, constantly evolving, and needs to be a critical consideration that is designed into devices. Having security measures as a forethought in IoT designs will help circumvent the security weaknesses that come from unintended sources, such as unsecured endpoints. 

With that in place, carriers and other service providers can work using the strength of their networks and experience in detecting and stopping threats to combat IoT threats at scale. This would involve a combination of lightweight telemetry and anomaly detection to give early indicators of compromise – and then enforce protection at scale.

 

Ciaran Bradley is Chief Technical Officer at AdaptiveMobile and former Deputy Chair of the GSMA’s Messaging Security Group with over 15 years’ experience in the mobile industry. Ciaran is responsible for all aspects of AdaptiveMobile’s mobile security products and is a frequent commentator on mobile, privacy, and security issues. He has a keen interest in mobile malware and the increasingly sophisticated threats being developed by cybercriminals. He was previously CTO of Sentry Wireless – before being acquired by AdaptiveMobile in 2011.


Filed Under: Devices

 

Next Article

← Previous Article
Next Article →

Related Articles Read More >

High-directivity couplers optimized for 225 – 750 MHz applications
Integrated into IoT devices, iSIM poised to make inroads
Triple-radio and multiprotocol MCUs add application processors
5G vectors
How RedCap fits into 5G and IoT

Featured Contributions

  • Overcome Open RAN test and certification challenges
  • Wireless engineers need AI to build networks
  • Why AI chips need PCIe 7.0 IP interconnects
  • circuit board timing How timing and synchronization improve 5G spectrum efficiency
  • Wi-Fi 7 and 5G for FWA need testing
More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: 5G Technology
This Tech Toolbox covers the basics of 5G technology plus a story about how engineers designed and built a prototype DSL router mostly from old cellphone parts. Download this first 5G/wired/wireless communications Tech Toolbox to learn more!

EE LEARNING CENTER

EE Learning Center
“5g
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

Engineering Training Days

engineering
“bills
5G Technology World
  • Enews Signup
  • EE World Online
  • DesignFast
  • EDABoard Forums
  • Electro-Tech-Online Forums
  • Microcontroller Tips
  • Analogic Tips
  • Connector Tips
  • Engineer’s Garage
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips
  • About Us
  • Contact Us
  • Advertise

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy

Search 5G Technology World