With billions of devices around, there will always be a multitude many millions that behave maliciously or are otherwise compromised. And each compromised device connected to the Internet may attempt to infect many others. So on the Internet of Things, the bombardment of attacks will be vast and relentless.
The personalization factor is another reason to expect that security vulnerabilities of these devices will have especially catastrophic results. We now have small digital systems that track and record many of our daily activities: our sleep, our contacts with one another, our health care
measures, our browsing patterns, and so forth. The information from these devices is typically communicated through the Internet to central repositories and servers for storage and analysis, and an adversary breaking into that communication at any point can access some of your most intimate personal information.
Still another concern with attacks on these devices pertains to their interaction with the physical world. A smart toaster at home or sensors in a factory, when hacked, can lead to disastrous consequences that affect the machines being controlled. Traditional mechanisms used to keep computers secure will probably not be adequate. For one thing, most of those protections designed for laptops, desktops, servers, and even phones consume significant amounts of power. They won’t work for a tiny device such as a watch or sensor node, which must operate using very little energy.
What’s more, protection mechanisms are typically designed for computing systems that remain in operation for only a few years. People tend to replace their desktop and laptop computers every three to four years and they upgrade their smartphones and tablets even more frequently. But a smart car, Internet-connected power meter, or smart traffic light may have a significantly longer lifespan, in some cases measured in decades. So you can’t just expect that the replacement will fix any security problems the old one had. Nor can the manufacturers anticipate what sort of hardware resources their devices might need to prevent the kinds of attacks they will experience in the distant future.
Indeed, it’s hard today to imagine how exactly these devices will be used, much less what the threats are going to be 10 or 20 years from now. Perhaps by that time, your refrigerator will communicate with your autonomous car so that it can automatically fetch groceries when they’re needed but a compromised smart lightbulb in your kitchen will also be able to eavesdrop on that communication and make mischief with the information. We simply don’t know enough to predict the uses of different smart gadgets in the future or the repercussions of their being compromised. So we need somehow to design these systems to protect us against attacks that we will only discover later.
How then can engineers possibly make the Internet of Things secure? In seeking solutions, we enter into the highly uncertain territory, with lots of unknowns and very few concrete answers. Consequently, while security experts need to do the best they can to develop protections against known threats, they should also design devices so that they can be configured and upgraded in response to unanticipated vulnerabilities and compromises. The engineering approach to achieve that is called Hardware Patching.