Rogue networks: How to stop the IoT becoming a weapon to be used against you

The concept of connecting offline appliances to the internet was put into practice long before any meaningful discussion took place as to its potential.

In 1982, a Coke vending machine at Carnegie Mellon University in Pittsburgh, Pennsylvania was modified to become the first internet-connected appliance, capable of reporting its inventory and the temperature of newly loaded drinks. Little did those behind the vending machine know that what they had developed was to become a blueprint for how humans would interact with technology decades later.

The term for this use of technology, upon which the Coke vending machine operated, remained absent for some 17 years. It was only as the Millennium approached, and the plausibility of internet-connected devices was entering the mainstream, that the ‘Internet of Things’ (IoT) emerged as an idiom that would describe a new chapter in humanity’s ever more intimate relationship with technology.

However, a deeper integration of technological hardware via the web posed one glaring problem above any other. As our reliance on the IoT hardened and the amount of our private data necessary for its usage was uploaded, the technology, and thus its users, became increasingly vulnerable. Unfortunately, for every innovator developing technologies to improve our lives, there’s another, sat in the shadows, trying to find ways of sabotaging it. Some for financial gain, others for little more than mischief. Though their motivations differ, the end result does not. Technology that is intended to help us becomes a hindrance and, in the most extreme cases, a threat.

Secure by design

Facing down the menace of cyber criminality has accordingly become a primary concern of developers and technological innovators the world over. Early digital technologies often employed the now highly denigrated ‘security through obscurity’, which refers to the reliance within security engineering circles on secrecy of the implementation as the main method of providing security to a system or component. In other words, if it’s kept secret how a system or component can be infiltrated, the threat is nullified. Good in theory, but as we now know, useless in practice. A virtually inexhaustible supply of would-be hackers and techniques applied over time has proved that practically all secrecy methods will eventually fail.

Today, the preferred and indeed strongly recommended approach is ‘secure by design’. In essence, it means that software is designed from the bottom up, always with security in mind. Security is embedded into each stage of development, rather than being an afterthought to be bolted on at the end. A good example of a technology increasingly shaped by the IoT and constructed according to the secure by design methodology is CCTV, or more specifically, IP CCTV.

IP CCTV uses the internet to stream videos and, compared with its analogue predecessor, boasts an enhanced range of powerful additional features. However, IP CCTV networks contain inherent vulnerabilities which, if exploited, can lead to hackers assuming control of cameras within a network and using them against the owner. The very technology keeping an organisation safe becomes its biggest threat.

How IP CCTV is fighting back

It is far from standard practice across the industry, but elite companies are designing their systems with a ‘secure by design’ methodology that is so comprehensive, it has even the most gifted hackers defenestrating their laptops from sheer frustration.

Network end-points, traditionally a fragile link in any network chain, are subject to a battery of next-generation security protocols. These include the restriction of end-point access through the NVR so that, should a camera in the network become compromised, it cannot attack the central infrastructure, as there is no way for it to initiate a connection. End-point ports are also restricted so that, again, if one camera becomes compromised, it cannot affect the others. Then there is authentication of end-points with individual security keys, which are applied to each device and then validated, thereby preventing unauthorised access even if the MAC/IP addresses of valid devices are cloned.
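The per-device key check described above can be pictured as a challenge-response exchange. The following is an added example, not code from any vendor or from the article; the `Nvr` class, the HMAC-SHA256 scheme, the device ID and the addresses are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class Nvr:
    """Hypothetical NVR-side registry holding one secret key per end-point."""

    def __init__(self):
        self._keys = {}      # device_id -> per-device key
        self._pending = {}   # device_id -> outstanding one-time challenge

    def enrol(self, device_id):
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        return key           # provisioned onto the camera out of band

    def challenge(self, device_id):
        # The NVR opens the exchange; the camera only ever answers.
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, mac_addr, ip_addr, response):
        nonce = self._pending.pop(device_id, None)   # single use: blocks replay
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        # mac_addr and ip_addr are deliberately ignored: both can be cloned.
        return hmac.compare_digest(expected, response)


def camera_response(key, nonce):
    """What an enrolled camera computes from its own key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    nvr = Nvr()
    key = nvr.enrol("cam-01")
    mac, ip = "00:11:22:33:44:55", "192.0.2.10"      # constructed sample values
    good = camera_response(key, nvr.challenge("cam-01"))
    genuine = nvr.verify("cam-01", mac, ip, good)
    # A clone presents the same MAC/IP but does not hold the enrolled key.
    wrong = camera_response(secrets.token_bytes(32), nvr.challenge("cam-01"))
    clone = nvr.verify("cam-01", mac, ip, wrong)
    nvr.challenge("cam-01")                           # fresh nonce issued
    replay = nvr.verify("cam-01", mac, ip, good)      # old answer re-sent
    return genuine, clone, replay
```

The decision rests only on possession of the enrolled key, which is why copying a valid device's addresses gains nothing.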

These network end-point restrictions add highly resilient layers of protection, but they are not all that is implemented to secure top-end IP CCTV networks. They are augmented by a host of auxiliary mechanisms such as the integration of independent VLANs, which segregate secure end-points from general and storage networks, and the enablement of ingress rate limits so that, in the unlikely situation a port is compromised, attempts to recruit the device to a DDoS attack are significantly restricted.
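One way to check that these restrictions actually hold on a deployed network is to audit flow records against them. The following is an added example, not taken from the article or any product; the addressing plan, the rate cap, the record fields and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the article).
CAMERA_VLAN = ipaddress.ip_network("10.10.20.0/24")
NVR = ipaddress.ip_address("10.10.20.1")
INGRESS_LIMIT_PPS = 2000          # assumed cap on each camera-facing port


def is_camera(addr):
    return addr in CAMERA_VLAN and addr != NVR


def audit(flow):
    """Return the policy violations for one flow record."""
    src = ipaddress.ip_address(flow["initiator"])
    dst = ipaddress.ip_address(flow["responder"])
    findings = []
    if is_camera(src):
        # End-points must never open a connection themselves.
        if is_camera(dst):
            findings.append("camera-to-camera")
        elif dst == NVR:
            findings.append("camera-initiated-to-nvr")
        else:
            findings.append("camera-left-vlan")
    elif is_camera(dst) and src != NVR:
        # Only the NVR may reach into the end-point VLAN.
        findings.append("non-nvr-reached-camera")
    touches_camera = is_camera(src) or is_camera(dst)
    if touches_camera and flow["port_ingress_pps"] > INGRESS_LIMIT_PPS:
        findings.append("ingress-rate-exceeded")
    return findings


# Constructed sample flow records.
FLOWS = [
    {"initiator": "10.10.20.1", "responder": "10.10.20.11", "port_ingress_pps": 900},
    {"initiator": "10.10.20.11", "responder": "10.10.20.1", "port_ingress_pps": 40},
    {"initiator": "10.10.20.11", "responder": "10.10.20.12", "port_ingress_pps": 15},
    {"initiator": "10.10.20.12", "responder": "203.0.113.5", "port_ingress_pps": 50000},
    {"initiator": "10.10.30.7", "responder": "10.10.20.11", "port_ingress_pps": 10},
]


def audit_all(flows):
    """Map the index of each offending flow to its findings."""
    return {i: f for i, f in enumerate(map(audit, flows)) if f}
```

Only the first record, an NVR-initiated stream within the rate cap, passes cleanly; the fourth shows the pattern the rate limit is meant to blunt.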

Lessons and warnings

IP CCTV provides a helpful example of how networks can be protected because a chain of cameras connected to each other and to a central point provides an easy visual for even the most committed technophobes.

The protocols industry-leading IP CCTV companies have implemented to secure their infrastructures provide a useful model for others who ply their trade in the manufacture of IoT-enabled hardware. Zeroing in on network end-points must become a priority for those who have allowed it to slip down the priority list. Moreover, protecting end-points must sit as a foundational building block of a secure by design methodology.

It is from these lessons that warnings also emerge. Hackers, rather than diminishing in number and capability, continue to grow in both. The time to emulate the endeavours of elite IP CCTV manufacturers is now.