Who is Your Machine Talking To?

Friday, April 13, 2012

Patrick Oliver Graf


Machine-to-machine communication, often called M2M for short, is an often overlooked but absolutely essential piece of modern technical infrastructure and of our daily lives.

For example, consider the business advantages of smart metering, which allows technicians to remotely read electric meters, rather than entering homes.

Or the convenience of sensors in traffic lights that notify control centers and towing companies of road conditions, or even GPS sensors that help drivers find alternative routes during times of heavy traffic.

And increasingly, M2M is enabling doctors to monitor pacemakers or vital signs of patients remotely, eliminating the need for ill patients to make frequent doctors’ visits.

Considering this, it’s no surprise that market researchers predict a bright future ahead for M2M technologies. Forrester Research estimates that in 2015 there will be about 70 million M2M connections via Wireless LANs and radio communication networks in the US – plus the systems that communicate via fixed line networks.

Security Remains a Concern

Yet, as with all remote connections, security is crucial, though often neglected, when it comes to M2M communications.

With M2M, hackers have several options for attacking a system, such as weaknesses in M2M applications or in the processors and RAM chips of control systems or sensors.

Network connections that communicate with M2M management platforms, however, are especially prone to attacks, in part because M2M systems primarily communicate via Wi-Fi networks and 2G or 3G connections.

At this year's Black Hat Europe, white hat hackers demonstrated how easy it is to break into machine communication. They broke into a car by sending manipulated text messages to the car's electronic door locking system from an iPhone.

While this hacking was in “good fun,” it pointed to a very serious issue. Imagine the potential harm if attackers targeted the remote maintenance solutions of industrial plants or payment systems, or if they hacked telemedicine systems.

According to a recent Berg Insight study, there are currently 2.2 million patients with remote diagnosis systems worldwide, with their doctors monitoring their health through a computer. More than 200 million people in the U.S. and Europe suffer from chronic illnesses that could be treated via this same technology, the study also reports.

Considering how widespread this technology could potentially become, it’s frightening to think about the potential – perhaps fatal – consequences of hackers either intercepting this data, or worse, tampering with it.

VPNs and M2M

These emerging remote access opportunities present amazing advances in medicine, business operations and overall quality of life, and they should be embraced, albeit securely. So what’s the solution?

Virtual Private Networks (VPNs) can protect M2M endpoints and management systems from attacks and manipulation. An M2M end-device and its M2M management system communicate and transfer data via a secure and encrypted IPsec or SSL tunnel.

Gateways offer another dimension of security by acting as a barricade between the company network and the M2M endpoints.

Gateways remain in place even after an M2M end-device has been hacked, barring the intruder from gaining access to the server, database and client PCs within the company network. This means there’s no opportunity for hackers to manipulate the data and connections – or in other words, it means you can rest easier.

Cross-posted from VPN Haus
