Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

April 2019 Special Edition: Internet of Things Handbook

By Reggie Hall | April 17, 2019

Share

Everything you thought you knew about IoT security is wrong

Listen to the advice being given for securing IoT devices and you are likely to be told that the level of security should be scaled to meet the probable threats. Internet-connected home thermostats, for example, should be designed to prevent compromise by hobbyists and serious hackers. But the usual recommendation is that there’s no reason to worry about a nation-state prying into your home thermostat. After all, wouldn’t North Korea have better things to do than screw around with the temperature in your house?

This philosophy about IoT security sounds completely reasonable. And it is completely wrong.

The reason emerged from a presentation by Princeton University researchers at last year’s USENIX Security Symposium. They found that it would be possible for attackers to grab control of high-wattage consumer devices – such as A/C units and heaters – to mount a large-scale coordinated attack on the power grid. The idea is to infiltrate numerous high-wattage IoT loads for the purpose of turning them all on or off simultaneously. Simulation results show these shenanigans could cause everything from local power outages to large-scale blackouts.

There is a precedent for the style of attack the Princeton researchers envision. In 2016, the Mirai botnet virus took down several major websites via a denial-of-service attack. (The botnet moniker arises from Mirai’s control of infected devices from a central set of servers.) Attacks took place via seemingly innocuous IoT devices that included home routers, air-quality monitors, and personal surveillance cameras. Researchers estimate that at its peak, Mirai infected over 600,000 vulnerable IoT devices.

Mirai proved how simple it can be to compromise large numbers of IoT devices. The initial version simply tried a fixed set of 64 well-known default login/password combinations in common use. Mirai found the vulnerable devices by randomly scanning the internet for targets and attacking. Once it got control of an IoT device, Mirai software reported to the attacking servers which then infected the device.

The Princeton researchers found that a sudden 30% rise in demand caused grid generators to trip. They figured an adversary would need access to about 90,000 A/C units or 18,000 water heaters in a target area to pull off this stunt.

Turning on loads in one area and turning them off in another could also cause further havoc. Power flows through the grid according to Kirchhoff’s laws, so the grid operator has almost no control of how power flows once generators kick in. Rising demand in one area can create line overloads and failures which, in turn, may cause further cascading line failures. Particularly at risk, say researchers, are tie lines connecting between neighboring power systems.

Even if hackers don’t succeed in shutting down the grid, they can dramatically drive up the costs of operating it. When demand exceeds planned capacity, the grid operator must purchase additional electric power from reserve generators. Power from these generators usually costs significantly more than that from the usual sources. Researchers ran simulations showing that boosting power demand during peak hours by just 5% can bring a 20% rise in the power generation costs.

All of which should give you pause the next time you hear a security expert smugly claim consumer IoT devices don’t need protection from well-organized cyberwarfare agencies.

LEE TESCHLER | EXECUTIVE EDITOR


Filed Under: EE World Digital Issues, DIGITAL ISSUES

 

Related Articles Read More >

April 2022 Issue: A look at AI and advanced simulation in software
April 2022 Special Edition: Internet of Things Handbook
March 2022 Special Edition: Motion System Trends
March 2022 Issue: Augmented Reality Gets Real

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Global supply needs drive increased manufacturing footprint development
  • How to Increase Rotational Capacity for a Retaining Ring
  • Cordis high resolution electronic proportional pressure controls
  • WAGO’s custom designed interface wiring system making industrial applications easier
  • 10 Reasons to Specify Valve Manifolds
  • Case study: How a 3D-printed tool saved thousands of hours and dollars

Design World Podcasts

May 17, 2022
Another view on additive and the aerospace industry
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings