Five Reasons To Be Concerned About Internet of Things Security
During the past few months, scary news has appeared about Internet of Things (IoT) vulnerabilities that put baby monitors, connected cars and other things at risk. People should be alarmed, but not surprised. The IoT, after all, is the meeting of two things which, together, are potentially a recipe for disaster.
On one hand, it quickly is moving to the heart of our lives and, on a daily basis, deals at a deep level with our financial and physical well-being. On the other, it is an as-yet poorly secured technology that offers hackers a cornucopia of ways to access this data.
This post will take a high level look at why the IoT keeps security experts up at night. In the next post, I will collect some insights into what first steps to confronting this situation should be.
Some reasons IoT is a raising yellow flags to security experts:
- The entry points into the network are freely available: In current networks, hackers generally must work through a computer to remotely gain access to a network that is cordoned off from direct contact. In the case of the IoT, however, a hacker can go to car showrooms, baby stores or consumer electronics retailers and pick up IoT end points. They can try to hack in the comfort of their own workshops. They also can try to hack in wirelessly via devices and services used by others. The IoT is everywhere.
- The IoT is on a low budget: The IoT is comprised of millions and millions – and eventually billions – of tiny electronic sensors and similar devices. That means one thing: They are designed and manufactured in an atmosphere in which every penny counts. Is adequate security built into systems and subsystems? Is it possible to upgrade the these devices once they are deployed? In a landscape in which every penny counts, it is almost certain that corners will be cut.
- Power is another issue. IoT end points are so numerous and in many cases so inaccessible that they are built to last a long time – or permanently – without human intervention. For this reason, their power consumption is reduced to the lowest point possible. Is security sacrificed in order to keep power demand low?
- Hackers don’t have to be too successful: Usually, hacking is thought only to be a success if things such as credit card numbers and Social Security numbers are stolen.
- Let’s not forget middle category. Information about so much of people’s daily lives – their use of utilities, their location, their medical situation and, indeed, their indiscretions – is trafficked by the IoT. The ability to access even a small portion of this data can be valuable to malcontents. For instance, suppose IoT data out of a home to the power utility and the security company’s central station indicates that the heat and AC have been off and that the doors unopened for days on end. That would suggest that the home is vacant and a good target for a robbery.
The IoT is evolving quickly. Problems exist long before the solutions emerge. And, even once there are solutions, it takes time for them to wend their way through and close the vulnerability. Putting a technically shaky system in place with hopes that a fix will be slapped on is problematic.
Read about IoT standards: Pressure Builds To Develop Internet Of Things Standards.
We have a question: What do you think should be step one in securing the IoT? Tweet us at @Aerohive or email us at firstname.lastname@example.org. We will publish what we’ve learned in the next post on IoT security.