March 25, 2019 by Luke James
It is hard to ignore the many benefits that the IoT brings with it. Securing IoT devices, however, is posing a challenge—indeed, it is perhaps one of today's greatest challenges—for manufacturers.
With the continued growth of the IoT and estimations that there will be over 20 billion connected devices globally by 2020, data has grown exponentially alongside it. While there are lots of benefits to be had from IoT's growth, there are also lots of security vulnerabilities, particularly regarding data, posed by unsecured IoT devices for both private individuals and commercial organisations.
Image courtesy of Hacker Noon.
You will win no prize for guessing that the biggest security problems and vulnerabilities are related to data, both personal and corporate.
Manufacturers know this is the case, but they prioritise time-to-market and profit over security. With little-to-no standards or regulations in place to keep manufacturers in check, in addition to a general lack of awareness among consumers and even corporate actors, the IoT is a prime target for hackers and cybercriminals.
You may be thinking that this can't be the case. After all, your computers, tablets, and smartphone devices are relatively secure… and you are right. The problem is not with these 'traditional devices' that have benefitted from 10, 20 years' worth of developments in security; it is with new and novel IoT devices. Toys, home appliances and assistants, and health trackers all produce data and are a huge target.
Image courtesy of Nest.
A connected toy that is not properly secured, for example, can be used as a back door into your home's network or even used to communicate with your children. Even if you are using established and trusted brands, there are still potential risks—in the news recently, it was reported that a Nest home camera was hacked into by an individual who "hurled obscenities".
Although manufacturers could do more to secure the devices they are pushing out, it is not something that is easy to do.
It's not just computers and phones anymore. Advances in technology have created a vast range of solutions that improve, automate, and simplify tasks in key industries such as manufacturing, logistics, and healthcare. This means the attack surface is vast and varied, and there can be no one-size-fits-all security solution for it. Each IoT system is different and can be compromised in a different way, and this requires security by design.
Manufacturers are not entirely to blame. The fact that IoT devices are often quick and easy to deploy and are designed with as little configuration required as possible means that consumers regularly fail to change default passwords, enable encryption or secure communication protocols where possible, or use other security features such as two-factor authentication.
Most cybersecurity solutions that currently exist are far too advanced and complex for low-power, inexpensive IoT products such as sensors that are used in areas like manufacturing. This leads back to the security by design problem—it is necessary to produce bespoke per-device security solutions that are created by systems designers who understand, not only the device itself, but the potential hacker and the many ways they could launch an attack.
Manufacturers and organisations cannot stop IoT attacks, but they can certainly be more proactive in trying to prevent them and mitigate key threats, particularly those surrounding network security and data.
On the other hand, consumers should educate themselves more on the potential risks of using IoT devices and take steps to secure what they use. Additionally, they should hold manufacturers to a much higher standard and vote with their wallets.
Initial developments in IoT focused on single devices that had single purposes. Today, however, each new IoT product is unique. It serves a unique purpose, has unique connectivity, uses unique components, and has its own unique security issues. In addressing the challenge of securing IoT devices, manufacturers must focus on scalable and consistent IoT architectures that are based on pre-set standards.
While there are plenty of security problems associated with the IoT in its current state, it is manufacturers who are the biggest offenders.
The IoT itself is still new and novel: a fad that every organisation wants to cash in on. Although bigger manufacturers such as Google, Amazon, and Apple have begun to set a pseudo 'standard' for IoT devices, there are far too many manufacturers simply pushing new IoT devices to market for the sake of it—they are creating solutions when there is simply no problem that they solve.
Seriously, who needs (or wants!) a smartly connected wine bottle!?
Kuvee’s smart wine bottle. Image courtesy of Uncrate.
On paper, the IoT is a good thing that has a lot of potential, but it still has a long way to go. The question of whether its importance at this point in time outweighs the security considerations can be answered with "it depends".
In fields such as healthcare, perhaps. Private home products, not so much.
Securing the IoT presents one of today's biggest challenges and doing so will become more important as it continues to grow and play an increasingly larger role in our world. By paying attention to security, organisations can focus more on what the IoT was meant to be—a data-led system that improves the end-user experience, optimises industrial processes, and reduces operational costs, among other things.
