The Internet of Things can be exciting, but it brings to light major IoT security concerns. Here’s what’s potentially at risk, as well as some solutions:
While the Internet of Things (IoT) remains in its infancy, it seems that IoT security has yet to be born. Techworld describes IoT as the connection between “internet-enabled devices that relay information back to us, to cloud-based applications and to each other (device to device).” These devices can include smartphones, kitchen appliances, lamps, wearables, the drill of an oil rig or the engine of an airplane. Gartner projects that there will be as many as 21 billion IoT devices by 2020 — devices that can easily be compromised with a simple online search by a hacker. TechRepublic recently examined IoT’s massive security woes and how they might be resolved.
The Scope and Potential Impact
Tod Beardsley, Rapid7‘s senior security research manager, explained the IoT’s security problems for the TechRepublic article as “real and difficult, but not insurmountable.” The problems begin with the lack of universal IoT standards for security. With so many different vendors producing IoT devices, such as sensors, there’s been no single interoperable secure firmware as a platform for delivering better security. It’s a bit like the Wild West, but the sheriffs haven’t shown up in town yet.
Because of a lack of IoT standards regarding security, hackers can compromise your device and you likely wouldn’t even know it. Most IoT products simply lack strong security or logging controls to detect hacks. Lastly, there’s been a lack of adequate focus from cybersecurity professionals on IoT’s security issues, mostly because of the frequency and urgency of hackers breaking into online systems containing private information, such as health records or financial records. It may take a huge IoT attack to actually refocus cybersecurity professionals on the up-and-coming security problems.
As for the potential impact from a massive attack on IoT devices, it’s so large (and growing) that it’s hard to imagine. Think of the millions of networked devices that now use sensors, and how important they are to our daily lives, even for activities as simple as walking through a shop’s front door. Timothy Sparapani, founder of SPQR Strategies, adds: “If those IoT systems are corrupted by hackers, the amount of chaos could be immense.”
IoT Security Solutions
IoT and cybersecurity experts, such as Beardsley and Sparaponi, envision three things needing to occur to resolve the large security holes in IoT. First, standard, interoperable security systems should be built into every IoT device not only to prevent hacks, but also to identify hacking attempts. This step will require coordinated, smart action by IoT vendors — and it may not happen at all until an IoT crisis strikes. Second, IoT vendors should make routine, automatic updates to software available in order to patch against evolving vulnerabilities. Finally, the huge amounts of data shared over networked IoT devices should be encrypted to make data less easy to hack. Open data transmission makes IoT an easy target for hackers. As Beardsley says, “We have plenty of work ahead of us [regarding IoT], but I’m optimistic we will be able to get a handle on these issues before it’s too late.”
Nothing refocuses security resources like a crisis, and the next cybersecurity crisis you see could be in the burgeoning realm of IoT. That crisis could also be a much-needed catalyst for necessary changes in IoT security.