The Department of Energy’s Oak Ridge National Laboratory (ORNL) has dipped its toe into the ever-expansive pool of IoT, mentoring a crop of interns on the ins and outs of cybersecurity within smart devices. According to a report by ORNL, these summer interns have been the first to utilize ORNL’s IoT lab, engaging in hands-on research designed to expose weak spots in the digital armor of common household gadgets.
Smart devices, controlling everything from vacuums to doorbells, might seem clever – but lurking beneath their shiny exteriors is a potential security headache. Given the rush to market, some devices betray their users, foregoing a rigorous security protocol. Laura Ann Anderson, a secure communications researcher at ORNL, echoed these findings to ORNL, saying, "The rush to be the first on the market with the newest connected feature often allowed vulnerabilities in systems to be overlooked in either the devices themselves or the protocols over which they communicate."
Colin Tarkington, a computer science sophomore, highlighted to ORNL the parallel between consumer and commercial utilities' smart devices, providing a new approach to evaluate the security of larger utility systems through understanding home gadgets. However, one chilling discovery, as Tarkington told ORNL, was that some doorbell cameras could be easily manipulated, revealing a "flaw that allowed a live feed to be turned off using a simple command to the device, leaving the door areas of a home unprotected."
Meanwhile, Gage Slacum, an undergrad at the University of Tennessee, exposed the disturbing reality that cheap, market-available gadgets could wreak havoc on IoT networks. Identifying these vulnerabilities underlines the critical need for enhanced cybersecurity measures to protect against potential threats – an exposure that both astonishes and educates, as these students have found. "Open-source information can be used in ways that are against the intended use," Slacum illustrated in his findings reported by ORNL.
A notable case study involved robot vacuums researched by master’s degree student Abigail Baker, who discovered to ORNL's interest that even when idle, these devices were actively searching for IP addresses. Baker reflected on her eye-opening internship experience, asserting, "Even though I earned a degree in cybersecurity, I learned through this internship that smart devices aren’t as secure as they claim to be."
The initiative by ORNL to cultivate an environment where students could develop hands-on experience with IoT and cybersecurity reflects a broader commitment to addressing the cybersecurity skills gap in academic circles. ORNL has also partnered with Pellissippi State Community College to extend these opportunities, as mentioned by ORNL, with the establishment of an IoT lab on campus via a $5,000 donation from ORNL—a stride towards equipping the next generation of cybersecurity professionals. In the words of Mat Singleton, an ORNL cybersecurity professional, the program not only teaches 'white hat hacking' but also instructs students on how to address found vulnerabilities with manufacturers.
