Warning: The IoT is not secure

Feb. 2, 2016
Smart lighting users should beware, as Spanish telecommunications giant Telefonica says Internet of Things technology developments are outpacing the safeguards.

Smart lighting users should beware, as Spanish telecommunications giant Telefonica says Internet of Things technology developments are outpacing the safeguards.

Before rushing to connect smart LED lighting into the fledgling Internet of Things (IoT), users should beware that IoT security is not keeping pace with general IoT advancements.

Interested in more articles & announcements on IoT & smart lighting?

That is the warning from Spanish telecommunications giant Telefonica in a new report, “Scope, scale and risk like never before: Securing the Internet of Things,” assembled by a group of IT security experts from both inside and outside the company.

“The increasing prevalence of the Internet of Things (IoT) in modern society presents significant opportunities for individuals, companies, and states to have more control over their technology, and greater access to information, than ever before,” Telefonica says in a report summary. “Yet the approach to safeguarding against the threat of cybersecurity is lagging behind the rate of development.”

In the IoT, billions of objects will be equipped with chips and sensors connecting them to the Internet so users can control them remotely and gather and analyze information from them.

LED lamps are shaping up as key nodes in the IoT. In street lighting, cities will be able to switch them on and off, control their color and brightness from afar, and easily gather maintenance and outage reports. Cities are also equipping luminaires and lampposts with sensors to detect information about a wide variety of things such as parking, traffic, crowd, noise, temperature, and air quality.

Likewise, in homes and offices, smart lighting is gathering information such as occupancy and motion, and is tying into other systems such as burglar alarms and heating and air conditioning.

Although the Telefonica report does not focus on lighting per se, it clearly has lighting in mind as part of the vulnerable IoT.

“One business we have helped makes smart home devices — motion detectors, electricity monitors, temperature monitors, sensors of all kinds,” states co-author Andrey Nikishin, head of future technologies for Moscow-based cybersecurity specialists Kaspersky Lab, in the report. “They store and process a lot of the data in the cloud — and decisions based on that data are made there, too. This allowed the company to build some very smart systems that adapt to a household’s requirements, and develop new services and products very quickly.

“None of this data was encrypted. While someone switching a light on or off might not seem that important, anyone wanting to break into your home would probably be really interested in the pattern of household occupancy. Also, because the decisions are made in the cloud, what happens if there’s not 100% connectivity in all these home devices?”

The warning has poignancy coming from Spain, where in 2014 researchers proved that a new network of electricity smart meters were vulnerable to hackers.

“In the next few years, our lives will be surrounded by devices connected to the Internet that will digitalize every step we take, convert our daily activities into information, distribute any interaction throughout the network, and interact with us according to this information,” said Chema Alons, CEO of Telefonica’s ElevenPaths cybersecurity unit. “Never before has what we do in our physical lives been closer to the digital world. It is precisely the blurring of the line between the digital world and the real world that represents the changes introduced by the IoT. Let’s understand the problem before it’s too late, and guarantee we are able to offer a complete protection plan.”

The potential for cyber-attacks has not gone unnoticed in the smart lighting world. Cisco, for example, has emphasized the importance of security in IoT installations such as the Power over Ethernet installations it recently began co-marketing with lighting giant Philips.

In addition to Telefonica and Kaspersky, groups contributing to the report included Intel; the Washington, D.C.-based Inter-American Committee Against Terrorism; the UK-based Internet of Things Security Foundation; the UK’s National Microelectronics Institute; France’s Sigfox; and Spain’s University of Cantabria.

MARK HALPERis a contributing editor for LEDs Magazine, and an energy, technology, and business journalist ([email protected]).