{"id":5749,"date":"2024-02-06T15:43:10","date_gmt":"2024-02-06T15:43:10","guid":{"rendered":"https:\/\/www.tantraanalyst.com\/ta\/?p=5749"},"modified":"2024-10-08T07:15:55","modified_gmt":"2024-10-08T07:15:55","slug":"can-iot-devices-become-ticking-time-bombs","status":"publish","type":"post","link":"https:\/\/www.tantraanalyst.com\/ta\/can-iot-devices-become-ticking-time-bombs\/","title":{"rendered":"Can IoT Devices Become Ticking Time Bombs?"},"content":{"rendered":"

[vc_row fullwidth=”yes”][vc_column][vc_column_text]<\/p>\n

\"Prakash<\/a>
Broadband Breakfast, 06 February, 2024<\/figcaption><\/figure>\n
The millions of IoT devices we use knowingly or unknowingly make our modern societies function. These include utility meters, traffic lights, and they even connect to the national grid. 5G is elevating their use to even higher levels and making them an integral part of the country\u2019s critical infrastructure.<\/span><\/h6>\n
But that also is making that infrastructure more vulnerable to security threats.\u00a0Reps.<\/strong>\u00a0Mike Gallagher<\/strong>\u00a0and\u00a0Raja Krishnamoorthi<\/strong>\u00a0of the U.S. House Select Committee on China understand this threat and are rightly sounding\u00a0alarm bells<\/span><\/a>. It\u2019s fascinating how these seemingly benign and almost invisible IoT devices can be such a grave threat.<\/span><\/h6>\n
IoT devices are an integral part of the national critical infrastructure<\/strong><\/span><\/h5>\n
The U.S. IoT market is massive, estimated to be<\/span>\u00a0$199B in 2024<\/a>, according to Statista. IoT technology is found in almost any connected device for individual or industrial use. Since IoT devices manage and control the country\u2019s critical assets, including power, water, natural gas, and many industries, even more with 5G IoT, they are part of national critical infrastructure.<\/span><\/span><\/h6>\n
Imagine the havoc the sudden collapse of the national grid or large-scale disruption of utilities can create. Such catastrophes can bring the country to a screeching halt, threaten lives, and cause lasting damage.<\/span><\/h6>\n
Despite its critical role, IoT security hasn\u2019t gotten the attention of regulators and governments it deserves. It was considered a \u201cbusiness risk\u201d to be managed by the industry. Fortunately, that is starting to change. The recent letters from the congressmen to the\u00a0FCC<\/a>, <\/span>the\u00a0Department of Defense, and the Treasury Department<\/span><\/a>\u00a0regarding cellular connectivity modules used in IoT devices indicate that lawmakers are now treating this as a national security issue.<\/span><\/h6>\n
Vulnerabilities of IoT devices<\/span><\/strong><\/h5>\n
When it comes to cellular IoT devices, the biggest threat is the security of the connectivity module (aka IoT module) on which they are built. This module is the gatekeeper, which controls all the data going in and out of the device. If the module is compromised, the whole device, and in many cases all the systems it connects to, are compromised.<\/span><\/h6>\n
Connectivity modules could have many vulnerabilities. There could be backdoors built into the hardware or the software when modules are shipped from the factory (called \u201cZero Day\u201d attacks) or introduced during numerous upgrades modules receive during their more than ten years of lifespan. These upgrades are similar to the ones our smartphones receive but are usually automatically executed.<\/span><\/h6>\n
Because of prohibitive costs, operators can\u2019t examine and verify all the devices and their firmware updates. No matter who and how these vulnerabilities are created, they can be exploited by bad actors. If those bad actors are state-sponsored, the risk is even higher.<\/span><\/h6>\n
As FBI Director\u00a0Christopher Wray<\/strong>\u00a0mentioned in his\u00a0recent testimony<\/a>,<\/span> \u201cHackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities.\u201d<\/span><\/h6>\n
The attackers can stay dormant for a long time and attack at a time of their choosing. Hence, it wouldn\u2019t be wrong to say that any device with such vulnerabilities can become a ticking national security timebomb.<\/span><\/h6>\n
IoT security: A tragedy of commons<\/strong><\/span><\/h5>\n
IoT is a largely low-margin, low-revenue (per subscription) business with a highly cost-competitive market. Most operators manage security as a business risk. They invest just enough to protect against fraud and liability. National security probably never makes it to their priority list.<\/span><\/h6>\n
Considering the complexity, cost, and potential risks involved, the responsibility of ensuring the security of IoT devices, from a national security perspective, rests squarely on the regulators and the government. The simple and highly reliable approach to achieve that seems to be establishing a fully trusted supply chain comprising local players and players from trusted national partners.<\/span><\/h6>\n
This is where things get complicated. According to\u00a0Counterpoint Research<\/a>,<\/span> almost a quarter of the US cellular connectivity module is controlled by one Chinese company, Quectel. More alarmingly, a large portion of the IoT modules used in the cellular network used by first responders called\u00a0FirstNet<\/span><\/a>\u00a0are also Chinese.<\/span><\/h6>\n
And that\u2019s precisely why these congressmen are concerned and asking relevant US departments to intervene. As opined by many law experts, Chinese laws require all Chinese companies \u201cto support, provide assistance, and cooperate in national intelligence work.\u201d<\/span><\/h6>\n
So, then the question arises: Is the Huawei-like approach of totally banning these companies the right strategy? If not, are there any other remedies available? What are the pitfalls? All these questions need to be addressed before taking any substantive action. Look out for my next article for details on them and possible answers.<\/span><\/h6>\n
Prakash Sangam is the founder and principal at\u00a0Tantra Analyst<\/a>,<\/span> a leading boutique research and advisory firm. He is a recognized expert in\u00a05G, Wi-Fi, AI, Cloud and IoT. To read articles like this and get an up-to-date analysis of the latest mobile and tech industry news, sign-up for our monthly newsletter at\u00a0TantraAnalyst.com\/Newsletter<\/a>,<\/span> or listen to our\u00a0Tantra\u2019s Mantra podcast<\/a>.<\/span><\/em><\/span><\/h6>\n

[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"

[vc_row fullwidth=”yes”][vc_column][vc_column_text] The millions of IoT devices we use knowingly or unknowingly make our modern societies function. These include utility meters, traffic lights, and they even connect to the national grid. 5G is elevating their use to even higher levels and making them an integral part of the country\u2019s critical infrastructure. But that also is […]<\/p>\n","protected":false},"author":2,"featured_media":5766,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"image","meta":{"mc4wp_mailchimp_campaign":[],"footnotes":""},"categories":[58],"tags":[],"class_list":["post-5749","post","type-post","status-publish","format-image","has-post-thumbnail","hentry","category-ai-compute-iot","post_format-post-format-image"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/posts\/5749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/comments?post=5749"}],"version-history":[{"count":0,"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/posts\/5749\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/media\/5766"}],"wp:attachment":[{"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/media?parent=5749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/categories?post=5749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tantraanalyst.com\/ta\/wp-json\/wp\/v2\/tags?post=5749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}