IoT
IoT
Data Management // IoT
Commentary
3/18/2016
09:05 AM
Larry Loeb
Larry Loeb
Commentary
50%
50%

IoT Security Could Crack Quickly In The Quantum Era

Internet of Things security is only beginning to get serious attention. However, it might already be too late. In the era of quantum computing, the fragile security that protects IoT devices may crumble faster than you think.

8 IoT Operating Systems Powering The Future
8 IoT Operating Systems Powering The Future
(Click image for larger view and slideshow.)

The Internet of Things is beginning to really worry me. It's mostly because the vast amounts of data out there can't be controlled well by users.

It's not just a concern that I have. In fact, the industry creating IoT has been behind in addressing a wide range of security issues concerning embedded and smart devices, a recent panel at Mobile World Congress found. So, where are the vulnerabilities? They are right under your nose, most likely in your home.

When some device in your house can be controlled by your smartphone, the device and your phone communicate over the Internet. The manner and way that they communicate between each other determine how much data can be thrown off and then monitored by others.

If the data between the two is sent in cleartext, it's easy to directly monitor. Anyone will be able to listen, and know that you just told your smart thermostat to turn on the air conditioning.

That may sound innocuous, but what if there is a thief sitting in your house taking things and listening for actions that may indicate you are about to come home? Not so innocuous then, is it?

The metadata alone that is associated with IoT systems can also be a useful data source, even if the message used to create the metadata has been protected.

A metadata layer is used to reduce the friction across all stages of data governance by providing a context for that data. The goal of the metadata layer is to capture and incorporate the business context, logic, models, and rules as machine readable, programmable concepts. These will then aid in mimicking how humans process data, analytics, and information.

(Image: Danil Melekhin/iStockphoto)

(Image: Danil Melekhin/iStockphoto)

There are other kinds of IoT vulnerabilities to consider. Ring, a manufacturer of smart doorbells with video cameras, realized not long ago that, by using a home's WiFi, the company was inadvertently giving up the home network's password.

First, the Ring doorbell gets reset, then a specific URL is viewed on a browser.

Voilà, the password.

Of course, Ring issued a firmware update when this was publicized. But why wasn't that caught in some kind of security audit before release? Did the manufacturer even choose to look for that kind of problem?

But let's move away from the abstraction layer here for a minute.

The one privacy/security tool that is available for the IoT device's use now is end-to-end encryption. It offers the hope that the mathematical effort needed to solve for the prime numbers that are the key to the encryption will keep it safe. Currently, the use of encryption is not widespread among those emerging devices that have a low cost of manufacture as part of their DNA.

There are also quantum computers to consider in the IoT mix.

Right now, they are not cracking encryption … yet. Give these machines another five years, and they may be able to do just that.

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

MIT researchers have announced they have figured out how to build faster quantum computers that are designed to defactor large prime numbers, and are easily scalable as well.

The news is almost equivalent to Carter Mead's announcement of the first silicon foundry in 1967. The process is one of applying technology to building bigger and faster quantum machines that are very good at figuring out crypto keys, instead of trying to figure out the physics necessary to build a quantum computer to do that. They have found a way.

This kind of quantum machine sounds the death knell for RSA-style encryption, the kind so widely used today.

Here is the problem laid bare: Quantum computers will be able to crack RSA-style crypto in a few years. That is the encryption used even when some end-to-end scheme is implemented in IoT. How will IoT privacy be protected at all?

The NSA thinks that it can come up with quantum-proof encryption -- someday. Maybe it will let it out. Maybe it will get used in IoT projects.

In the meantime, we have RSA-style encryption to use -- and that still isn't used all that much. But, beware of IoT devices that cannot be safely upgraded to deflect the growing security threats that will surely evolve over time. Those devices will leak data no matter what you do to stop the problem.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
larryloeb
50%
50%
larryloeb,
User Rank: Author
3/26/2016 | 4:49:00 PM
Re: security on the mind
@batye

That's because you have learned I am always right.

Snort.
batye
50%
50%
batye,
User Rank: Ninja
3/26/2016 | 3:30:41 PM
Re: security on the mind
@larryloeb yes, I could not agree more...
larryloeb
50%
50%
larryloeb,
User Rank: Author
3/26/2016 | 8:52:05 AM
Re: security on the mind
@batye

Sure, that's true.

But this technology is a game changer. All the privacy that RSA-style encryption was used to ensure will be gone when it is functional.

And the tech will be available sooner than you think. It wont show up as a box on your desk.

No, it will be a service. Quantum as a Service. It won't matter who has the hardware. You just get it through the cloud for whatever problem you want to apply it to.
batye
50%
50%
batye,
User Rank: Ninja
3/25/2016 | 11:21:44 PM
security on the mind
with security it never ending process... as everything changes daily...
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of August 14, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.