By: Adam Weinberg
The Internet of Things (IoT) is bringing some of the most change-resistant businesses into the vanguard of the digital age. Utilities, healthcare, manufacturing, agriculture, and a wide range of other industries are revolutionizing their operations with smart, interconnected devices and sensors. For many of these enterprises, private cellular networks are the obvious solution for getting these devices to talk to each other in the field. The pace of cellular IoT adoption is picking up, driven by cellular standards designed to fit the low-power, low-cost requirements common to large-scale IoT implementations.
The number of narrow-band IoT connections has quadrupled over the past two years, and is projected to reach 1.2 billion by 2025. Cellular networks are an affordable, scalable solution for organizations that need to build and maintain robust IoT systems for modern applications.
But the benefits of cellular IoT come with challenges that need to be taken into consideration early in the process of blueprinting your IoT deployment—challenges like mitigating the risks associated with cellular networks and remote device installations. One frequently neglected risk is actually an old threat that is rapidly becoming relevant once again: signaling attacks.
Consider the case of an agricultural operation that uses IoT devices to monitor greenhouses for temperature, humidity, and other conditions. A malicious competitor could connect to the network and use their own device to send signaling commands that allow them to gain unauthorized access to the network and execute attacks to stop watering, turn off the grow lamps, and send false data back to whoever is monitoring things.
This may seem like a lot of intrigue over some plants but concerns like this are very real for high-stakes growers. Take medicinal cannabis farms as an example. In addition to utilizing IoT sensors, valves, and other growing equipment, installations like these frequently protect themselves from theft through the use of extensive physical security devices such as motion detectors, video cameras, and smart fences. These devices could be disabled through attacks carried out over the cellular network. Sophisticated hackers could even use a man-in-the-middle attack to override a live video feed, just like in the movies.
The particulars for businesses in other industries may differ, but the threat remains the same: cybercriminals accessing IoT devices through cellular connections for the purpose of causing harm.
Generally speaking, IoT networks give hackers plenty of opportunities to refine their craft and test many of the assumptions that these technologies were built upon. Unfortunately, IoT developers have been slow to make built-in device or network security a priority.
Software tools and encryption methods that provide security at the IP layer and device level offer important protections against certain types of threats. However, they provide no defense at all against threats like signaling attacks—a key vulnerability unique to cellular networks.
Signaling attacks can be used to intercept protected data, track the physical location and status of connected devices, send falsified communications, or disconnect devices