Share, , Google Plus, Pinterest,

Print

Posted in:

Utilising Machine Learning To Combat IoT Security Nightmare

There can be no doubt: inanimate objects are getting ‘smarter’.

First there were smartphones, mobile telephones designed to cram in features such as web browsing, email and camera technology. These features have since become so standardised that any phone that does not encompass this level of connectivity is referred to as a ‘dumbphone’. Then there were smart televisions, allowing full access to internet services and with enough processing power to compete with traditional set-top boxes.

Then the real advancement was unleashed to the unsuspecting world: the internet connected toaster. This breakthrough in particular points to an increasingly connected future where every device in the home will be connected to the internet and able to be remotely controlled. This is the crux of ‘The Internet of Things’ (IoT), with no limit on the type of device or appliance.

There is, however, a number of glaring security issues that have yet to be fully addressed. Many smart televisions, for example, are running widely adopted operating systems that rely on software updates to patch any potential security loopholes. With such a range of devices, the necessary software updates require extensive testing on each model to ensure full compatibility, slowing the release of future software updates. There are also smart televisions that contain a built-in camera and microphone for video calling and voice control. How would a user know if their device is hacked and is recording their living room? The small print of some manufacturers even points to built-in third-party access.

While this Orwellian fear may sound farfetched, it is not completely unfounded. Widespread reports of laptops having their webcams and microphones hacked, highlighted by Facebook CEO Mark Zuckerberg taking evasive action and physically cover both on his laptop, are evidence that any internet-enabled device has the potential to be under the control of a hacker. If devices are linked, it would only take the weakest link to be breached for every other device to be under control and a user’s privacy breached. This was evidenced when US retailer, Target, was hacked in 2013 through the internet-enabled climate-control systems.

With more mature operating systems, antivirus software will offer a degree of protection. This is not yet an option for the internet devices that have only been released for a short time, such as the multimedia computer in a range of cars for sale in the USA. The threat that hackers pose over the future of IoT devices was highlighted in an experiment where a car was remotely controlled, with the exploit allowing full control over the car while it was being driven. As the car was being driven at 70 mph, the screen wash was activated, covering the windscreen, the radio turned up to maximum volume and the accelerator pedal disabled – all possible over the internet.

So what’s next for IoT devices in drastic need of robust security? One potential solution is to harness the power of machine learning to significantly increase the speed of identifying potentially vulnerable devices.

As many devices rely on stable internet connection to function correctly, it would not be difficult for each device to upload diagnostic reports to a unified database of devices that could, in turn, identify devices with potential issues, such as running out-of-date firmware. By utilising machine learning to calculate shared issues, patches could be issued at a much faster rate due to the testing stage effectively being analysed and ‘learned’ from the continually updating database.

This approach could also be used to empower the user, as developers could actively encourage their customers to report any issues. This has a two-pronged effect on security – users are made aware that security is of great importance and they are partly responsible for its maintenance, and the machine learning process is more effective because of the increase in data available for analysis.

Dynamic Bayesian Networks (DBNs) also offer a means to enhance security while offering an approach to the interconnected nature of devices rather than a single-view of individual cases that only evolve over time. Determining causal relationships between security breaches would enable manufacturers to be prepared for particular variables, such as location, and alter firmware updates accordingly to target specific vulnerabilities or device-specific security flaws that are taken advantage of in specific locations. In practise, a network would grow naturally to allow for reliable information on specific security measures that are required, allowing manufacturers to stay one step ahead of potential hacks.

IoT devices have a unique opportunity to enhance everyday items for consumers. For manufacturers, however, the rush to include a multitude of features has backfired spectacularly, leaving devices wide open to hackers on an industrial scale. Without the right level of technical support, IoT devices will not mature and will not be recognised by the mainstream audience this technology deserves. For a long-term investment such as IoT, companies must invest in technology, such as machine learning, that will enhance their security in the long run and not just fix each issue one at a time.