Internet of Things challenges the Operational Security

Definition

Internet of Things means for example that our everyday devices, vehicles, and home appliances are connected to the Internet. Through the connection devices both receive and send data all the time. When soldiers are in operation but off-duty, they use their smartphones, smartwatches, fitness sensors, tablets, cars, televisions, refrigerators, microwave ovens, smart speakers, computers, game consoles, etc. These connected devices have microphones, cameras, and sensors that collect data even without user’s acknowledgment. The primary data is further sold to advertisers or published openly on the Internet. These devices also provide an avenue for the adversary to hack the devices and make them robots that collect data and send it directly to the adversary.

Description

A knowledgeable adversary may use this data and merge it with other collected data to gain for example the following information:

• Feelings, sleeping and regular exercise routes of soldiers in bases; all sports watches, smartphones and fitness bands. China warned their soldiers of not leaking sensitive data in operations.
• Telephony conversations, SMS’s, social media publications, etc. made by soldiers; all smartwatches, phones, and tablets. Russians have hacked NATO soldiers cell phones.
• Voices, still pictures, movement, and temperature around soldiers; smartphones, televisions, all voice guided devices. Chinese hacked the smart speakers with Dolphin Attack.
• Video recording of events around the device; all devices with cameras. CIA produced a tool “Weeping Angel” to hack into Samsung Smart TV.
• Electromagnetic radiation around the devices; all devices with RF transceivers, Wi-Fi, Bluetooth, GSM, etc. All smart devices are banned in the sensitive end of the White House. The COS Kelly’s phone was hacked.

Mitigation

The following options are available to mitigate the threats exposed by the Internet of Things: 

1. Deny all these devices from soldiers. Estonian Defence Forces leaned that modern youngsters are hard to isolate from their virtual life, so they will find ways to work around the ban.
2. Provide soldiers with Armed Forces GSM and Wi-Fi connectivity, Bring Your Own Device. The Defence Forces of Finland has provided her UN fighters with domestic GSM services past three decades already.
3. Provide soldiers with smart devices managed by Armed Forces, Choose Your Own Device. The Defence Forces of Finland has provided her UN fighters with smart devices to use both in service and off-duty past five years.

References

1. http://www.topix.com/forum/tech/gps/TDKSDIHTP4KJ2O38L/china-warned-the-world-about-the-dangers-of-fitnes
2. http://www.dailymail.co.uk/news/article-4955836/Russians-hacking-NATO-soldiers-cellphones.html
3. http://internetofthingsagenda.techtarget.com/blog/IoT-Agenda/Speaking-of-security-Smart-speaker-risks-and-rewards
4. https://www.theverge.com/2017/4/25/15421326/smart-tv-hacking-cia-samsung-weeping-angel-vulnerability
5. https://www.cnet.com/news/white-house-bans-personal-phones/