How Dumb is a Smart Building?

6 October 2019


The Internet of Things (IoT) is a buzzword, but also a technology with huge global potential in many industries. IoT originates from the growing number of connections between computing devices, machines and objects, which create an enormous network that does not require human interaction. IoT is becoming increasingly popular, available and widely implemented. With sensor prices at an all-time low, this is the time to invest in IoT networks. In line with this, the market for smart buildings is growing rapidly. But this increasing connectivity of devices to the internet raises security questions. Since all these devices have an internet connection, all of them are potential gateways for hackers. Increased building automation creates new risks and increases the impact of traditional risks. Therefore, are smart buildings really that smart?

Globally, the market for smart buildings was valued at around USD 5.800 million in the year 2016 and is expected to reach approximately USD 61.900 million by 2024 (Zion Market Research, 2019). In the Netherlands, 95% of all newly built buildings are smart. In addition, building automation is growing in existing houses. The main control of a smart building is the Building Automation System (BAS), which controls all smart components of the building. The BAS usually governs access and identity control, power management and assurance systems, heating, ventilation and air conditioning (HVAC), and fire detection and alarm systems.

 

So what could possibly go wrong?

Data Breach

Hackers see the smart components of smart buildings as a point of entry for obtaining data. Logging into a BAS is not difficult, and the system can be reached through the internet. Default usernames and passwords are often used, which makes it even easier to crack open a system (van Hooijdonk, 2019). Entire company IT networks can be accessed through the BAS, making data vulnerable. This happened to a housing corporation in Emmen, where insecure solar panel IT systems were hacked and its residents' data was breached (RTV Drenthe, 2017). Similarly, a Brazilian bank suffered a data breach in which hackers accessed its systems through its IoT devices (Geenens, 2018).
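The three weaknesses named above (default logins, reachability from the internet, and a network shared with company IT) can be checked against a device inventory. The following is an added example, not part of the original post; the inventory, credential pairs and network ranges are constructed assumptions.

```python
import ipaddress

# Constructed factory-default logins (illustrative, not taken from any vendor list).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "1234"), ("user", "user")}

# Private (RFC 1918) ranges; a management address outside them is treated as internet-facing.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed address space of the company IT network (hypothetical).
CORPORATE_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed inventory; 203.0.113.0/24 is a documentation range standing in for public addresses.
INVENTORY = [
    {"name": "hvac-controller", "mgmt_ip": "10.10.4.20", "username": "admin", "password": "admin"},
    {"name": "door-access", "mgmt_ip": "203.0.113.15", "username": "facilities", "password": "constructed-unique-1"},
    {"name": "fire-panel", "mgmt_ip": "192.168.50.5", "username": "fireops", "password": "constructed-unique-2"},
    {"name": "solar-inverter", "mgmt_ip": "203.0.113.40", "username": "admin", "password": "1234"},
]


def audit_device(device):
    """Return the list of findings for one BAS component."""
    findings = []
    addr = ipaddress.ip_address(device["mgmt_ip"])
    if (device["username"], device["password"]) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    if not any(addr in net for net in PRIVATE_RANGES):
        findings.append("internet-reachable-address")
    if any(addr in net for net in CORPORATE_NETWORKS):
        findings.append("shares-corporate-network")
    return findings


def audit(inventory):
    """Map each device name to its findings, leaving out devices with none."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(INVENTORY).items():
        print(f"{name}: {', '.join(found)}")
```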

Control over systems

As described earlier, accessing a BAS is not too hard for an experienced hacker. Once hackers have obtained access to the BAS, they could control the whole building. Imagine that a hacker changes the temperature in a server room to very high levels, making servers crash (Korolov, 2016). Similarly, imagine that it happens to your own house. This happened to Arjun and Jessica Sud from Lake Barrington, a village in the US state of Illinois. Their cameras, speakers and heating system were hacked, resulting in a hacker screaming through a speaker, turning up the heating to 32 degrees Celsius and talking to their 7-month-old baby through their baby monitor (van Hooijdonk, 2019).

Ransomware & Siegeware

Smart buildings are becoming popular ransomware targets for hackers; such ransomware is called siegeware when it targets a BAS. With siegeware, a hacker disables all smart systems within the building, rendering it useless. Extorting companies through this method is becoming more popular with criminals. In an Austrian hotel, none of the locks could be locked or unlocked after a ransomware attack shut down parts of its BAS (Higgins, 2019).

DDoS Attack

A DDoS attack is an attack in which a server is overloaded with traffic from multiple sources in order to make it unavailable. If a BAS is overloaded through a DDoS attack, various systems could become inaccessible, as they are not able to cope with the enormous amount of traffic and can completely freeze or shut down as a result. This happened in Finland, where the heating systems of two residential buildings were completely shut down (Higgins, 2019).

 

To answer the question ‘How Dumb are Smart Buildings?’: Too many smart buildings are very dumb! If your residence is a smart building, definitely consider testing the security of the system. You could even try to hack your own smart heating system yourself after some Googling. Personally, I think it is ridiculous that organizations accommodate people that live in an unsecure environment. It is like having a house without any locks, when a BAS is vulnerable.

 

 

 

Sources:

Geenens, P., 2019. IoT Hackers Trick Brazilian Bank Customers into Providing Sensitive Information. [Online]
Available at: https://blog.radware.com/security/2018/08/iot-hackers-trick-brazilian-bank-customers/
[Accessed 6 October 2019].

Higgins, K. J., 2019. Malware Built to Hack Building Automation Systems. [Online]
Available at: https://www.darkreading.com/vulnerabilities---threats/malware-built-to-hack-building-automation-systems/d/d-id/1333671
[Accessed 6 October 2019].

Korolov, M., 2016. IBM’s X-Force team hacks into smart building. [Online]
Available at: https://www.csoonline.com/article/3031649/ibms-x-force-team-hacks-into-smart-building.html
[Accessed 6 October 2019].

van Hooijdonk, R., 2019. Smart homes and buildings are a new battlefield for hackers and security experts. [Online]
Available at: https://richardvanhooijdonk.com/blog/en/smart-homes-and-buildings-are-a-new-battlefield-for-hackers-and-security-experts/
[Accessed 2019 October 2019].

Zion Market Research, 2018. Smart Building Market by Automation Type. [Online]
Available at: https://www.zionmarketresearch.com/report/smart-building-market
[Accessed 6 October 2019].


Quantum Computing and the end of our current way of Information Security

12 September 2019


Since the beginning of computing, information security has played a vital role. In the early 1960s, passwords and multiple layers of security protection were introduced to prevent physical access to computers. In the 1970s and early 1980s, the computers of governments and organizations were linked to the telephone network. Hackers would break into the telephone networks to steal information from their computers. In 1989, the world wide web became publicly available, almost completely unsecured. Firewalls and antivirus software were developed to make the internet a safer place. In the 2000s this trend continued, resulting in governments further regulating cyber crime. In this decade, data encryption and better information security policies have increased overall data security. As described, the current state of information security has been built up over half a century. Quantum computing, due to its unthinkable amount of computing power, might make all these security measures obsolete and make us completely rethink the way we secure our digital and information assets.

So what is Quantum Computing?

Our current computers all run on bits, binary units of information storage with 2 states: 0 and 1. Quantum computers use quantum mechanics to process information, relying on so-called qubits. These qubits can be both 0 and 1 at the same time, a quantum state known as superposition. Given that qubits can be 1 and 0 at the same time, a combination of two qubits contains 4 bits of information, a combination of 3 qubits contains 8 bits of information, and so on. In this way, adding a qubit increases computing power exponentially in bits. In practice, this shows us that by creating powerful quantum computers, computing power will increase to an unthinkable level.

However, quantum supremacy has not been reached yet due to technical limitations of the quantum computers developed so far. Big tech sees the opportunity in quantum and is making noteworthy investments. For example, in 2016 IBM launched IBM Q Experience, an online cloud platform for testing the quantum computers it has developed. Microsoft has invested in partnerships with major research institutes all over the world, including a vast partnership with TU Delft researchers.

For further information about quantum mechanics and quantum computing I refer to this YouTube video.

 

How does it affect information security?

This (possibly) immense amount of computing power will affect IT in many ways. Think of the possibilities that Artificial Intelligence combined with the computing power of a quantum computer could have. Will the intelligence of an AI surpass the intelligence of humans? At the same time, the rise in computing power will have its effects on cyber and information security. In this blog, I will further elaborate on the effects on encryption and on identity management and passwords.

 

Encryption

Encryption secures our data every day, including your WhatsApp messages, your iCloud Photo Library and banking details. For now, these companies can guarantee that your details are safe. However, once quantum computers arrive, it has been estimated that it would take quantum power of 4,000 qubits to break today's "strong" encryption keys (Adams, 2019). These encryptions will be broken by brute force, also known as "guessing" the private key of an encryption through an almost unlimited number of calculations. Strong, reliable quantum computers that can break these encryptions will probably not be available in the coming years. Nevertheless, weak encryption can be expected to be easily broken in the near future (Denning, 2018).
In the future you could break into almost every encrypted information system by using brute force. This sounds quite frightening, doesn't it? Luckily, this will probably not be the case. Researchers at the US National Institute of Standards and Technology are currently considering a vast number of encryption schemes that are quantum-resistant. A list of these (plausibly strong enough) encryption schemes was published at the beginning of 2019. Another possibility is quantum key distribution, which is fairly expensive given that both sender and receiver need a quantum computer.

 

Identity management and passwords

In fact, passwords and identity management are a form of encryption. Using brute force, passwords can easily be hacked within hours, maybe even minutes. So how can passwords possibly be secured? An option could be multi-factor authentication using third parties. However, this will not be completely secure either, since quantum computers could track down these authentications by brute force too. In any case, our current way of using passwords will no longer be secure once quantum computers arrive. So please enjoy, in the coming years, how easy it still is to sign in to your e-mail, Facebook account or computer.

 

Despite these initiatives, it will take years – maybe decades – for our current global state of IT to adjust to post-quantum security measures. A global IT security crisis will break out when this technology falls into the hands of criminals. So who is going to tackle this problem? Governments and businesses are not very actively seeking solutions to this disastrous problem.

 

Quantum computers are not there yet. But when – or maybe if – they are available, we should be prepared. From a security perspective this will mean that all information assets should be safe from people who would want to use quantum computers for criminal purposes. This will probably be done by using post-quantum encryption. Personally, I think that quantum computing will completely change our current state of information technology. I shudder thinking about a quantum computer getting into the wrong hands. At the same time, imagine what such computational power could do for our society. What is your opinion about quantum computing? Is it a gift, or a potential threat to our information systems and even society? Let me know what you think in the comments.

 

 

 

References:
https://www.weforum.org/agenda/2019/07/why-quantum-computing-could-make-todays-cybersecurity-obsolete/
https://csrc.nist.gov/news/2019/pqc-standardization-process-2nd-round-candidates

Is quantum computing a threat to cybersecurity?


https://moneymaven.io/mishtalk/economics/quantum-computers-will-make-even-strong-passwords-worthless-9TyMxlg6gEiUhY99nJio2A/
http://theconversation.com/is-quantum-computing-a-cybersecurity-threat-107411
https://www.ibm.com/quantum-computing/
https://www.microsoft.com/en-us/research/research-area/quantum/
https://quantum-journal.org/papers/q-2018-08-06-79/pdf/?
https://blog.mesltd.ca/a-history-of-information-security-from-past-to-present
Boixo, Sergio; Isakov, Sergei V.; Smelyanskiy, Vadim N.; Babbush, Ryan; Ding, Nan; Jiang, Zhang; Bremner, Michael J.; Martinis, John M.; Neven, Hartmut (2018). “Characterizing Quantum Supremacy in Near-Term Devices”. Nature Physics. 14 (6): 595–600
