Sensors will be key to powering smart spaces of the future, but their use with internet-enabled devices could also bring disaster with cyberattacks. This article will address the following key questions:
- • Why are sensors essential for any smart space?
- • What kinds of attacks would they face?
- • How can engineers help to prevent this?
Why are sensors essential for smart spaces?
Before we can dive into the factors that make sensors essential for smart spaces, we first need to understand what smart spaces are. If there is one thing that startups and media can do very well, it’s taking trending terms and abuse their meaning. One good example is the word “smart.”
If a device has an internet connection, then it is immediately stamped with the term “smart”, and this most likely encourages consumers to make their lives as “smart” as possible. However, a device having an internet connection does not make that device smart as the true definition of smart is far more than simply being connected to the internet.
A smart device is one that can respond intelligently without manual input, and this is achieved with the use of connected technologies such as the internet. For example, a smart thermostat would not only be able to control the immediate temperature of a room. Instead, it would be connected to other devices on the network to see whether it should even turn on (such as cameras that can determine the number of individuals in the room).
Thus, a smart space is one that has a degree of intelligence and can react depending on its state. A smart space will often digitize its existence so that software can see the smart space virtually and make changes to that environment. For example, a house can be turned into a smart space whereby all the cameras, alarms, air conditioning, and thermostats are connected to a central software platform. This platform digitizes the internal environment of the home, and software calls and routines can make changes to the real environment through the virtual environment. If an occupant moves from one room to the other, the home can dynamically react to this by directing airflow into the room being occupied while disabling controls in empty rooms.
This is where it becomes obvious why sensors are essential in the creation of smart spaces; they can digitize their environment. A smart home would need a whole array of sensors from image sensors for detecting occupants to temperature sensors to see the different room temperatures. Without sensors, there is no way to determine the environmental state of a space.
What challenges do sensors present when connected to internet-enabled devices?
To understand the potential challenges that smart sensors introduce, one only needs to look at the IoT industry. When the first IoT devices were manufactured, they consisted of basic sensors such as temperature and humidity, and the benign nature of the data that they gathered combined with their limited deployment meant that they posed no security risk. As such, these devices rarely incorporated any security features (if at all).
As technology progressed, so did the complexity of IoT devices, and it wouldn’t be long before IoT devices started to integrate microphones and cameras. Such sensors allow for extremely private data to be gathered, like images of people and recordings of conversations, but strong security practices needed to protect such data were seldom found. Combine this easily accessible data with large-scale deployments and the reliance on common platforms (such as the Raspberry Pi, ESP32, and ESP8266), and you have the perfect storm.
It didn’t take long for hackers to start figuring out how to hijack IoT devices and use them for their own malicious purposes, including data theft, spying, blackmail, and network credential theft. In fact, one group of hackers were able to get into a highly secured casino server by gaining access into an IoT aquarium thermometer. By accessing the unsecured device, the hackers were able to get access to the internal network, and once in, launched a major attack.
Fast forward to 2022, the world now has potentially billions of vulnerable devices connected to the internet. Of course, government regulation has now stepped up to ban the sale of devices that don’t meet minimum requirements, such as strong default passwords and data wiping abilities, but this does nothing for the billions of devices already in use. But in learning from the security failings of the IoT, we can look at smart sensors to see if and how they will face similar challenges.
One of these challenges is how sensory data can be used to infer the condition of an environment without needing direct measurement. For example, a humidity sensor at face value reports the current humidity of a space, but it can also be potentially used to determine if a room is occupied or not. When humans exhale, large amounts of moisture go into the air, and if a room is poorly ventilated, then the humidity of a room will rise when occupied. Thus, a hacker could use a single humidity sensor to figure out if a room is empty or not.
Another sensor that can be used for spying purposes would be an air quality sensor. Again, the face value of such a sensor tells you if you need a window open or not, but indirectly this sensor also gives a hacker the potential to determine the number of occupants in a room. This can be done based on the current CO2 against the historic rise of that CO2.
Furthermore, feeding the data from basic smart sensors into an AI could even allow for determining behavior patterns, and while this may be good for a smart space, it is extremely dangerous if used by a hacker. They may be able to use that data to best determine when the area will be empty, and thus commit crime without getting caught (such as burglary).
How can smart spaces be attacked?
We have already seen how sensor data can be maliciously used by cybercriminals, but smart sensors themselves present many other challenges that don’t relate to the data they gather.
The attack that a hacker may perform is using a sensor to gain unauthorized internet access. A network is only as strong as its weakest link, and a sensor that has poor security can be broken into for network credentials. Failing this, a hacker may be able to piggyback the network connection of a smart sensor to perform illicit activity without having that network activity trace back to them.
Smart sensors with poor security will also open themselves up to hackers inserting malware, which then reports back all gathered data. This would allow hackers to gain an insight into the smart space, and as previously discussed, may even be able to perform spying activities.
A smart space that uses sensors with poor security may even allow hackers to take control of the smart space itself. In the case of environmental controls, a hacker could disrupt temperature settings to make the environment extremely uncomfortable and/or engage AC permanently to rack up large electrical bills. Window and door controls could be overridden to allow access anytime to restricted places while power could be disconnected to disrupt services. Furthermore, alarms could be triggered randomly to render the environment unusable, and this could be deployed at ransom.
How can engineers fight back?
Sensors present smart spaces with a real challenge as without them, a smart space cannot be constructed, but using them can quickly open smart spaces to cyberattacks. Luckily, there are measures that can be done to mitigate the effects of cyberattacks.
The security of a system is only as good as its weakest link, and thus the fastest way to secure a system is to try and find the weakest link. Any sensor or device that has internet connectivity which has easy to guess default credentials should immediately be removed in favor for devices with strong security. No device should be accessible without a password and all network connections must require credentials (including ethernet). Network controllers should be caged under lock-and-key, and only the latest security methods should be used.
Creating a custom network for a smart space can lead to security failings simply because of the management required . . . which is why using pre-existing infrastructure can be advantageous. One network that is increasingly becoming popular is cellular, as the coverage is extremely wide, allows for roaming between cell towers, and requires no local network hardware. Connecting smart sensors to a cellular network requires the use of cellular credentials in either a SIM card or an eSIM, and while this is more difficult to manage, network security is handled by the network operator.
Smart sensors should also consider sanitizing data internally before transmitting to a remote server, and if possible, avoid sending data unless necessary. For example, camera modules that can image the inside of a room can preprocess this image to potentially strip private information (body images, text etc.) before sending the image. A hacker who gets this preprocessed image would not be able to recover the unsensitized data and trying to hack the device itself would not render any images directly from the camera as the preprocessing occurs before the main processor receives the data.
There are many other security options to engineers when creating smart spaces, but the use of smart sensors is a double-edged sword. Without smart sensors, a smart space cannot be created, but using them can introduce a world of challenges that must all be considered.