Part 1 of a four part series on security and the Internet of Things (IoT).
- In this part, I will discuss the state of the IoT Security.
- In Part 2, I will explore and discuss existing security approaches and products.
- In Part 3 I will dive deeper into the technical side of IoT Security.
- In Part 4 I will initiate a discussion of the IoT Security market.
What you don't know can hurt you. I ran into some pretty scary items while conducting research for this blog. There is an IoT search engine that will scan the internet looking for open, unencrypted device ports and will report back what it finds. Including, for example, the stream of a web cam monitoring a sleeping baby. I also found:
- A report about a security researcher able to remotely change the dose of an insulin pump or change the voltage levels on a pacemaker.
- Discussions about hackers utilizing your home devices to gain entry into your home network and all you have stored there.
- And many, many more.
Frightened yet? I am.
The chilling facts. The above examples of science fiction becoming science fact - from identity theft to tampering with medical devices - are easy to find. New technologies are still not taking security into account and, consequently, we are developing an open and unsecure infrastructure. The evolution is somewhat understandable as, who would want to hack a refrigerator? But your refrigerator now could be a gateway to your finances.
Do you think this is all hype? Mountains made out of molehills? Possibly, but hacks into your webcams and your home router are real; and consider this, the FTC is now involved(1). ARS Technica reports that the FTC has "prosecuted more than 50 cases against companies that did not reasonably secure their networks, products, or services" and published a list of industry best practices for IoT manufacturers.
This may seem like fantasy, but it is not. This is our reality today. The average appliance consumer will not realize that by plugging in their device and configuring it on the wireless, they could open themselves up to identity theft, web cam stalking, and other malicious activities and attacks.
Education of the end user will help but until and unless manufacturers of IoT devices stop looking at security as an added cost, and start looking at it a fundamental cost of doing business, these vulnerabilities will remain in place and continue to make the Internet of Things a very dangerous place to be.
In my next posts I will discuss what is currently in place or being released and the possibilities that are open to us to bring security into this space.
(1) Porup, J.M. "“Internet of Things” Security Is Hilariously Broken and Getting Worse." ARS Technica. N.p., 23 Jan. 2016. Web. 26 Feb. 2016.