"Our forecasts do not repeat the mantra about tens of billions of nodes being deployed in only a few years. The many analysts sticking to such euphoria ignore the fact that, contrary to their expectation, very little IoT was deployed in 2016. They are 'bubble pushing' with their forecasts, predicting ever steeper take-off to the point of physical impossibility. That is a triumph of hope over reality," IDTechEx said in a statement.
IoT devices include everything from smart fridges and digital video recorders, to CCTV cameras, routers and baby monitors.
Ken Munro, a cybersecurity expert and partner at UK-based security consultancy Pen Test Partners (PTP) and an executive member of the "Internet of Things Security Forum" — a body that aims to promote best security practices for smart device manufacturing — told Sputnik of the inherent security design flaws for IoT devices.
"Where do I start? We see old-school problems like insecure apps used to control IoT devices, things like insecure communications, straightforward vulnerabilities that have been known for ten plus years in apps," Ken Munro told Sputnik.
First talk of 7 this week! #cyberinsight16 — IoT Armageddon and future cyber liability claims scenarios pic.twitter.com/1Vgcd9Id9g
— Ken Munro (@TheKenMunroShow) November 14, 2016
"Typically, they get there before the IT vendors probably outsource the coding and haven't really thought too hard about asking questions about security of their outsource developers.
"We also see vulnerabilities in Wi-Fi and Bluetooth — if they're not done properly they can lead to security vulnerability for that site. We see issues with the hardware, software and firmware on devices.
"The problem there is that you're putting the software in the hands of the hacker, effectively. Anyone who is willing to buy products can potentially access your hardware. What we often find is we can extract firmware form IoT devices, and glean lots of interesting secrets, which can eventually lead to devices being hacked," Mr Munro explained.
One recent high-profile hacking incident involved the website of prominent security blogger Brian Krebs. In September 2016, the website was overwhelmed by what's being called one of the biggest ever distributed denial of service (DDoS) attacks in Internet history.
KrebsOnSecurity hit with record DDoS attack. Akamai: Someone has a botnet with capabilities we haven't seen before https://t.co/MQketE3nWN
— briankrebs (@briankrebs) September 22, 2016
Cybercriminals put together a network of 152,463 hacked cameras and other IoT enabled devices, to create what is called a botnet.
These botnets are used to deliver DDoS attacks, which basically means flooding a network or web server with so much traffic that it cannot cope and crashes.
It amounted to a coordinated an unprecedented targeted cyber assault.
Mr. Munro says that IoT devices are all too vulnerable to exactly this kind of manipulation:
"I think we're just scratching the surface of denial of service from IoT services right now."
Market research firm IDTechEx also dismissed ex-Ericsson Chief Executive Hans Vesterberg's 2010 claim that there could be some "50 billion IoT devices" in the world by the year 2020.
Off to #IoTBuild today — A bag of new vulnerable IoT gear to hack with me. No dolls or kettles; this time it's about weaponising IoT
— Ken Munro (@TheKenMunroShow) November 16, 2016
Mr. Munro is equally skeptical:
"I think we're probably not going to see the growth rates that people are expecting. I think security concerns are going to be a significant break on the growth of IoT. So, until those security concerns are resolved, we're going to see moderate growth."
However, Mr. Munro does believe that there is a great deal of potential in future development of IoT.
"I think IoT done well can do amazing things, like for instance with assisted living for the elderly. I think it's a phenomenal benefit if we can do it securely.
"With all these great new technologies comes a lot of responsibility, if we're going to make people more dependent when they're living with physical conditions — there are going to be very vulnerable people — so we're going to need to be very, very aware of security for them," Mr. Munro told Sputnik.
Despite the cybersecurity challenges, the world of IoT has come a long way.
Ten years ago, IoT devices were mainly machines, distinct from consumer gadgets. Now, they've diversified into a myriad of different devices. Even your pillow could be an IoT!
No wonder then, that some technology giants like Cisco and Intel speak about the "Internet of Everything."
