The more connected we are to the world, the less privacy and security we have from the world. It’s a simple truth, especially in the time of net-connected gadgets. This is the internet of things (IoT): any device that can be connected to or accessed via an IP address.
Here’s what everyone’s thinking… considering all the security measures and firewalls we have, there’s nothing to worry about, right? Actually, there’s plenty of reason for concern because these measures are better suited to your servers, smartphones and laptops. Other wireless devices that can connect to the internet are not so safe; they don’t have the size or processing power to allow proper encryption and other measures.
Experts are of the opinion that not enough is being done today for device security, leaving these devices plenty vulnerable to cybercrime. When you think about how much of your personal information these devices contain, you can see why you should be worried, and why IoT security is taking center stage.
What’s the Big Deal?
Today’s world is filled with “smart” devices. Everything from your car to your home appliances, what you use at your office, and even the things you wear (like the Fitbit) is connected to the internet (directly, via the cloud or a mobile app), and is collecting information about you and your surroundings.
It’s great when you’re the only one accessing the device, but what about when someone else can do it? Consider this…many of these devices transmit your information without encryption, and accept weak passwords and authorization. According to Fortify’s research, 70% of common IoT devices are vulnerable. That’s terrifying!
Imagine driving your car and finding out you’re no longer in control because someone else is speeding it up or slowing it down. What if someone could access your baby cameras or even your home security cameras and watch what’s happening in your house? What if someone who was stalking you knew where you were all the time because they had access to your Fitbit data?
The attack may not even be directed against you personally; you may just be a convenient opening into a closed network. For example, your compromised wearable could be just the opening someone needs to access your company’s server…you log onto your office network and voila, they’re behind the firewall and ready to cause trouble.
Then there’s a third aspect – corporations. How much of your information can a company access? If they can get it, what are they doing with it?
Why is there so little IoT Security?
A key point here is that these devices are all consumer items that are quickly adopted – whether because they make life easier or because it’s a fad. Combine this with short life cycles and you have producers looking to churn out products quickly with little regard for security. Not too many companies are going to take the time (or incur the costs) to provide more than the most basic security measures, possibly with insufficient testing.
Another concern is updates. Computer and phone software usually has auto updates that keep it protected. For IoT, with newer versions coming out so frequently, developers may provide only limited updates for older models, or stop producing them completely; this would leave all the older versions vulnerable to viruses and hacking.
Basically, there are insufficient apps to monitor and report on threats, disagreement on how to implement security measures and even what constitutes “sufficient” measures, and there’s no one-size-fits-all fix.
What can be done?
The good thing is that IoT companies are beginning to acknowledge the weaknesses in their products’ security, which means that they’re starting to deal with it. Besides improving their products, they also need to educate their staff as well as their customers about the potential risks and how to protect themselves. What they need to work towards is a security-first approach to counter potential attacks, greater transparency, and less data collection by the devices, with the option for users to deny data collection. And above all, they need to prepare for attempts to breach security.
On the consumer’s side of the table, we need to get as much information as we can about the products and then weigh their usefulness against their security features. Is the function worth the risk? On a company level (because they’re big adopters of IoT – think of all the cameras, video conferencing monitors, etc. that a single company will have!), IT departments should include these IoT devices in their monitoring efforts and work with vendors to patch and protect them.
Sprinkler controls, home thermostats, TVs and webcams…the recent past has made it clear that IoT devices are going to be a way of life now. And as we connect more devices to a network, we open more doors to compromising ourselves; it’s going to take a long while for IoT security to even come close to catching up with device development. But the first step to dealing with a problem is identifying it; since we’ve done that, hopefully things will start looking up soon!