While covert security is not new, its been about for 100’s of years, the use of a technology that’s Low-cost, Long life(10 years between battery change), operates in the unlicensed spectrum and openly available is new and significant threat to society
The advantages of IoT to the criminal or spy, is that this technology has the ability to hide radio signal in the noise floor. As a result only if you know the decoding technique can the signal be recovered. These types of system have been used more and more particular government organisations that want to hide their monitoring signals.
This and the rapid growth with low-cost and low-power consumption sensor that make it easier for Criminals and Governments to monitor individual’s without detection for long period.
Example of Hidden Devices
An example in history is the “The Thing, Great Seal Bug” that was given to the Whitehouse by Russia and bugged the location for 7 years till discovered in 1952. While this needed high RF fields to illuminate the bug to power the device, todays IoT devices can be embedded in devices and used for years being controlled remotely and turn on and off.
While this is not new or an activity for spy, or police organisations it means that for general public they are available to provide for location people detection and other novel information collection using unlicensed spectrum. For Governments and Police this just gives them a way to hide their intelligence gathering , in much greater volume and at very low cost, and SecureThings expect an explosion in the use of this equipment by them, to target individuals, as it gives a smart system to detect activities by Criminals, activists and in a similar way the Government and Police are expected to misuse the information. While the growth in covert nodes will be rapid, network gateway manipulation and controls are expected as well.
Detection of risks and Solutions
A a result of the issues above,SecureThing.Uk has spent a considerable amount time and research in the use and detection of covert IoT devices. These include in the following areas of:
- False Gateways to intercept traffic (as seen in GSM mobile)
- Interception of Internet traffic from nodes
- Legal request, to extract traffic from network servers both Public and Private
- Node application trojans used to release keys or divert application data