With interconnected systems like IoT, IoE and smart cities on the rise, Dr Kashif Naseer Qureshi discusses some of the top cybersecurity concerns of these networks.
In today’s world, the internet of things (IoT) is proving to be a critical component of the ongoing evolution of the tech landscape.
IoT refers to a network of devices and objects embedded with sensors, software and network connectivity, allowing them to connect and share data, and is now continually being utilised in a variety of scenarios including healthcare, transport and even in the household.
Within its own evolution, IoT has sprouted a number of advanced and connected concepts, such as smart city networks and the internet of everything (IoE).
IoE builds upon IoT by integrating not only physical devices but also people, processes and data into a highly interconnected system.
“IoE aims to create smarter, more efficient ecosystems by enabling seamless communication and automation across these components,” explains Dr Kashif Naseer Qureshi, an associate professor in the Department of Electronic and Computer Engineering at the University of Limerick.
“This concept enhances decision-making, optimises resource utilisation and improves user experiences by leveraging real-time data and intelligent analytics.”
But while IoE and IoT both have their benefits, they also have their share of cybersecurity concerns that must be adequately protected against.
Qureshi describes threats such as man-in-the-middle attacks, where threat actors intercept and alter communications between devices, as well as device hijacking which can enable attackers to take control of smart devices for malicious purposes.
“Data theft is a major concern, as many IoT devices collect and store sensitive personal or business information,” says Qureshi. “Distributed denial of service (DDoS) attacks are also a significant threat, where large networks of compromised IoT devices, known as botnets, flood a system with excessive traffic, making it inaccessible.”
Unique threats
According to Qureshi, IoT and IoE networks are also vulnerable to unique attacks that traditional IT networks don’t typically face, highlighting the need for dedicated IoT security strategies.
“One example is botnet infiltration, where compromised devices are controlled remotely to launch cyberattacks,” he says.
He also highlights the risk of “side-channel attacks”, which exploit physical characteristics such as power consumption or electromagnetic emissions to extract sensitive information from a device.
Firmware tampering, where attackers modify the software of IoT devices to introduce vulnerabilities, present particularly “serious security risks” in IoT devices, says Qureshi. An example of such risks includes the easily discoverable and exploitable vulnerabilities of hardcoded credentials such as factory-set usernames and embedded passwords.
“Many IoT devices also lack secure boot mechanisms, which means attackers can load unauthorised firmware updates, introducing backdoors or malicious functionality.”
But what IoT and IoE devices are most vulnerable to these attacks?
“Devices that lack regular security updates, use default login credentials, or are designed with minimal security features are particularly vulnerable,” says Qureshi.
“Smart home devices like cameras, routers and smart locks are common targets due to weak authentication mechanisms. Industrial IoT (IIoT) devices used in critical infrastructure, such as power grids and manufacturing systems, are also at high risk, as their compromise can lead to large-scale disruptions.”
In order to secure IoT and IoE devices, Qureshi says that regular firmware updates are essential to patch vulnerabilities, along with strong authentication mechanisms such as multi-factor authentication, which should be implemented to prevent unauthorised access.
“Network segmentation can limit exposure by isolating IoT devices from critical IT systems,” he adds. “Additionally, continuous monitoring using intrusion detection systems can help detect and respond to anomalies before they escalate into full-blown security breaches.”
Smart cities, smart protections
When it comes to IoT-driven smart city networks, which involve interconnected systems managing public services such as traffic control, energy distribution, and surveillance, some major cybersecurity concerns persist.
“One major concern is that a vulnerability in one part of the system can have cascading effects across the entire city,” says Qureshi. “Data privacy is another key issue, as smart city networks collect vast amounts of data, which, if compromised, could lead to identity theft or surveillance abuses.”
One of the biggest risks, however, is attacks on critical infrastructure such as water and power systems, which could cause major disruptions to essential services.
“Public utilities, such as water treatment facilities and energy grids, are attractive targets for cybercriminals due to their essential role in society,” explains Qureshi. “Transportation systems, including smart traffic lights and connected vehicles, are also vulnerable to cyberattacks that could disrupt mobility and safety.
“Healthcare IoT networks, which include smart medical devices and hospital systems, are at high risk since breaches could directly impact patient care and data security.”
While all of these risks are significant, Qureshi says there are ways to enhance smart city and IoT network cybersecurity, especially with the use of modern tech.
For example, artificial intelligence can be used to detect anomalies and predict potential threats before they materialise, while blockchain technology can be used to provide a secure method for data authentication and “tamper-proof” transactions.
Qureshi also describes how advanced encryption techniques can be used to “protect data both at rest and in transit”, and the use of edge computing can minimise risks by processing data locally, “reducing the need for constant transmission over potentially insecure networks”.
The development and usage of IoT and smart city networks shows no sign of halting any time soon. A report from last September released by IoT Analytics stated that there were 16.6bn connected IoT devices by the end of 2023 – a growth of 15pc compared to 2022 – and predicts that the number of connected IoT devices will grow to 40bn by 2030.
As these systems continue to expand, Qureshi says that cybersecurity will remain a top priority.
“Future strategies should emphasise security by design, where cybersecurity is integrated into devices and systems from the outset,” he says. “Continuous monitoring and adaptive defense mechanisms will be critical to responding to evolving threats.
“Additionally, collaboration among government agencies, private companies and security researchers will be essential in addressing new vulnerabilities and ensuring the resilience of interconnected digital ecosystems.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
