IoT security poses unusual risks. It is one thing to steal usernames, passwords or intellectual property, but it’s entirely different to gain access to systems that can interfere with people directly. Any connected device can be hacked, including a thermostat, smart appliance, connected wearable or even a child’s Barbie doll that is connected to the IoT.
CTA is working with our member companies on multiple programs to improve cybersecurity. Recent work includes revising CTA-TR-12, Securing Connected Devices for Consumers in the Home, which provides guidance to product designers and managers on how to enhance cybersecurity; developing guidance for product installers to get the best security out of existing devices; and helping develop and launch the Building Security In Maturity Model (BSIMM) online assessment tool, which companies can use to gauge how well they’re addressing security in their internal processes and end products. CTA also released a white paper outlining a national strategy to promote IoT growth, including the challenges of privacy and security.
Medical device hacking is also a real possibility. So far, these have been confined to scenarios in TV shows like Homeland, which killed off a vice president by reprogramming his pacemaker. Former Vice President Dick Cheney revealed that doctors disabled the wireless capability of his heart implant to prevent hacking in a 60 Minutes interview in 2013.
Studies have found that drug infusion pumps that deliver morphine drips, chemotherapy and antibiotics can be remotely manipulated to change the dosage given to patients. Bluetooth-enabled defibrillators can be directed to deliver random shocks to a patient’s heart. X-rays can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs can be reset, causing spoilage and digital medical records can be altered to cause physicians to misdiagnose or prescribe the wrong drugs.
The FDA has issued several alerts concerning the safety of infusion pumps developed by Hospira (acquired by Pfizer). And, Johnson & Johnson warned users that while the probability of unauthorized access is low, its Animas OneTouch Ping insulin pump could be hacked – with possibly fatal results.
With connected devices expected to reach 21 billion by 2020, security and privacy are top priorities. While IoT holds infinite potential for doing good – it also presents challenges across healthcare, payments, transportation, industrial, government, manufacturing and M2M.
i3, the flagship magazine from the Consumer Technology Association (CTA)®, focuses on innovation in technology, policy and business as well as the entrepreneurs, industry leaders and startups that grow the consumer technology industry. Subscriptions to i3 are available free to qualified participants in the consumer electronics industry.