IoT Security in the Era of COVID-19
By Sohini Bagchi
In the fight against COVID-19, technology innovations are steadily making a difference to healthcare systems. Innovation is especially rapid in Internet of Things (IoT) systems: tools that track infections and people's movement, detect potential carriers, and remotely monitor health conditions are now being used and developed all over the world.
However, the use of those tools to manage the crisis raises significant questions about security, data collection, and protecting the privacy of citizens and communities.
According to Forrester Research analyst Chris Sherman, two U.S. hospitals have already been attacked via virtual care systems, after a hacker targeted a vulnerability in a medical IoT device (specifically, a remote patient-monitoring sensor) and gained access to the hospitals’ patient databases. And in another type of attack, the Fresenius Group, a medical device maker and the largest private hospital operator in Europe, has been hit by ransomware.
Cybersecurity no.1 priority for IoT devices
Clearly, then, cybersecurity for IoT devices has never been more critical, as hackers and other bad actors exploit the plethora of newly connected devices to gain access to the ‘connected enterprise.’
In a recent blog published on EETimes Asia, Asem Elshimi, RFIC design engineer for IoT wireless solutions at Silicon Labs, writes that IoT technology can lead the way in helping to prevent and manage current and future pandemics. However, IoT privacy and security vulnerabilities must be addressed before the technology reaches the hands of healthcare consumers. “Addressing such concerns begs for the collective work of legislative, economical, medical, and technical players in the field. From a technical standpoint, a tremendous amount of innovations already exist to protect hardware and software devices against hacks. However, establishing consumer trust in how their personal data is handled by the providers yet again remains an open issue,” he writes.
A strong security strategy – need of the hour
With a strong security strategy in place, IoT innovation will help countries rebound in the post-COVID era, with an increased focus on healthcare and hygiene. The problem is that most connected devices are not secure enough to collect and safeguard personal data. Inadequate security features, weak encryption, and easy access to firmware or encryption keys could lead to significant breaches of security, compromising sensitive personal data. Additionally, in the wrong hands, data related to infections or potential exposure could be used for discrimination in employment, insurance, and access to financial services, among others.
In an article published in the June 2020 print issue titled “Pandemic vs. Privacy,” the author mentioned, “Any such program that we implement to track the spread of COVID-19 should follow some basic guidelines to ensure that the data is used only for public health research. This data should not be used for marketing, commercial gain, or law enforcement. It shouldn’t even be used for research outside of public health. For example, contact tracing apps could lead to a new wave of surveillance by governments and private corporations. The way those apps collect information, where data is being stored and processed, who has access to it, how it is secured, and how long it can be retained, are important questions to be answered before those apps start being used.
Going further, this data must be encrypted on the device, during transit and when stored on a cloud or government server, so that random hackers can’t access it. Only the agency in charge of track-and-trace efforts should have access to the data from the device. This means that police departments, immigration agencies, or private companies can’t access that data, the article mentioned.
With IoT expanding rapidly and expected to reach 20.4 billion devices by the end of this year, we can expect even more innovations in this area, especially as the technology is actively used to contain the coronavirus outbreak. However, experts believe that if we can get the security aspect right, we can use the lessons learned during COVID-19 not only to protect public health for current and future epidemics, but also to promote a more privacy-centric approach to the Internet of Things on the whole.