The Internet of Things (IoT) -- which connects wearables, smart home appliances, and other devices to the internet -- has been widely hyped as the next big growth market by tech companies. Intel (INTC 0.79%) claims that the number of connected devices will surge from 15 billion in 2015 to 200 billion by 2020. That's a whopping 26 smart objects tethered to every person on the earth.
Bullish forecasts like those sparked a land grab in the IoT market, with companies often pumping out connected objects before considering the privacy and security implications. That lack of oversight became brutally clear recently with a series of cyberattacks which exploited unsecured IoT devices to take down major websites like Twitter, Shopify, and Spotify. If these attacks get worse, could the dream of connecting "everything" to the internet suddenly seem like a really bad idea?
Rise of the robots
One of the most common ways to knock a website offline is with a DDoS (distributed denial of service) attack. In this attack, hordes of devices which are infected by malware act as "bots" to continually flood traffic to a targeted site and knock it offline. In the past, these networks of infected devices, called "botnets", were mainly comprised of computers.
As the security of traditional PCs improved, botnets spread toward other connected devices like smartphones and tablets. But now that mobile OS defenses are improving, hackers have started targeting IoT devices. Many security experts have warned that many IoT devices can be hacked with simple attacks which were blocked on PCs years ago. Nonetheless, many companies looking to capitalize on the growth of the IoT market threw caution to the wind as they launched a wide array of connected devices.
This created the perfect opportunity for IoT botnets to strike. The Mirai botnet, which primarily targets remote cameras and home routers, was recently used in several major DDoS attacks on cybersecurity journalist Brian Kreb's website, French web host OVH, and internet directory service Dyn, plus the entire internet infrastructure of Liberia. To make matters worse, the source code for Mirai was recently released online, guaranteeing that more advanced Mirai-based attacks will follow.
Will those "smart home" dreams evaporate?
The security problems plaguing the IoT could hurt tech giants, which are trying to establish smart home ecosystems. Big players in this market include Alphabet's (GOOG -2.18%) (GOOGL -2.30%) Google, Samsung (NASDAQOTH: SSNLF), Apple (AAPL -0.31%), Amazon (AMZN -3.44%), and Facebook (META -1.35%).
Google's Nest, Home, and Cast products create a smart home ecosystem which controls the temperature, answers questions, receives commands, and "casts" music and video to various screens and audio devices around the home. Samsung's SmartThings ecosystem connects various smart appliances to each other and its mobile app.
Apple's HomeKit tethers third-party devices to its iOS app, while Amazon does the same with its Echo smart speakers. Facebook hasn't formally entered the smart home race yet, but it's already teased a home AI platform for controlling connected lights and thermostats.
These companies all want to expand their internet presence into physical homes to increase user dependence on their hardware, software, or services. But if Mirai-like attacks continue knocking websites offline and making global headlines, consumers will likely think twice before upgrading all their "dumb" appliances to "smart" ones.
So who's trying to protect the IoT?
The Mirai botnet sounds scary, but companies are developing countermeasures, just as they previously did with PCs and mobile devices. Companies on the front line include networking giant Cisco, cybersecurity giant Symantec, and next-gen firewall vendors Palo Alto Networks and Check Point Software. Threat prevention firms like FireEye have also been improving their software to recognize these IoT-based botnet attacks.
There are also new security measures in the RTOS (real-time operating systems) which run on IoT chips. ARM Holdings, which was recently acquired by Softbank, previously beefed up the security of its mBed RTOS with the acquisitions of security firms Offspark and Sansa Security, as well as a partnership with IBM. Intel's IoT chips run on its VxWorks RTOS, which is secured by Intel Security (which is being spun off with a majority stake sold to TPG) software, which is tethered to Intel's IoT Gateway.
The road ahead...
These efforts indicate that progress is being made, but the IoT market can be tough to secure due to the wide variety of different devices on the market. This hardware and software fragmentation makes it easier for hackers to exploit vulnerabilities and harder for security companies to counter the attacks. If this continues to happen, the bullish sentiment for the IoT market could fade, but cybersecurity companies would benefit from rising demand for IoT security services.