US researchers plot Internet of Things security on map

Bluetooth Special Interest Group survey results smart home security
Internet of Things: Gartner estimates that there are 5bn connected devices currently in use, up 30% from 2014

In the US, a team of researchers from Texas-based IT security consultancy Praetorian Secure is working on a Internet of Things Map to identify how devices are interacting and what security issues are being created.

The project team has confirmed it plans to create a database of Internet of Things devices along the model of the Shodon search engine for SCADA devices – the world’s first search engine for Internet-connected devices.

According to SC Magazine, vice president for marketing at Praetorian, Paul Jauregui, said the project “aims to answer some basic questions about the Internet of Things ‘ecosystem’, such as where are these things being used, who made them, what do they do and are they secure?”

Zigbee IoT devices

The team at Praetorian is looking to evaluate connected devices that use the ZigBee protocol to communicate.

The team will employ drones that can carry scanning devices supplied by a partner start-up company to map parts of Austin in Texas as well as the US cities of Las Vegas, Boston, Houston and Washington, DC.

“ZigBee enabled devices include a range of energy saving equipment including smart light bulbs,” adds SC Magazine.

According the Internet of Things Map project website, “a smart lighting system might consist of several ZigBee-enabled smart bulbs, a ZigBee remote controller, a smart lighting gateway plugged into a local Wi-Fi router, mobile apps used to control the system and back-end cloud services.”

Jauregui commented: “This project is about exploration… We developed a proprietary device internally that allows us to pick up on IoT beacon responses, and we are able to analyse them and determine attributes of those devices.

“In the field, we could walk around with these devices, drive around or strap it to a drone.”

Identifying security issues

Using drone technology, the research group can analyse signals picked up from IoT devices, and subsequently triangulate the position of the device and determine the manufacturer and type of device.

Jauregui added: “The project had a lot of security questions we wanted to answer. Any device coming online to communicate – such as light bulbs, industrial controls, cars – as these devices come online it introduces new layers of complexity in the environment.

“It could be new technologies or existing technologies working together in new ways – and there are lot of limitations in standards and protocols that are being used.”

Some of the results of the project so far show that concentrations of these devices can vary widely from one neighbourhood to the next and that there are particular brands of connected devices that take preference over others. Results showed that 30% of the market is dominated by Sony, while Phillips has a 9% share.

Jauregui concluded by saying: “The next phase is taking a deeper dive into the data set and see what we have found – to dive deeper into research space and understand the protocols that these devices and machines use to communicate with each other.”