IoT Security – The Trojan Horse Is In The House.
There is quite a lot of hype about smart, connected devices at the moment. CES 2016 brought back the appliances that can make your life easier. You saw the vacuum cleaners that work on their own and message you when the house is clean.
You must have heard of the smart fridge that can check what food it contains, be that expired or not and order replacements on your behalf. Or, keep an eye on the beer and let you know when is just “that cold.” I’m sure you’ve also heard about that smart coffee machine that knows when you are awake and makes your latte while you’re still in the bed. Oh, let’s not forget that washing machine that is never going to run low on washing powder.
IoT Security – How Secure Are These Devices?
These smart appliances are here to help us, to make our lives better, easier. You can say that the future looks good. But let me ask you something. How secure are these devices? How familiar are you with the IoT security? Because want it or not, there is more to these smart devices than you know, or than their makers want you to know.
The IoT security is often ignored when it comes to new smart devices. It is hard to comprehend why when you realise that all IoT devices must connect to the internet in order to function. And, as you know, everything connected to the internet can be hacked. Therefore, any smart, connected device is a hackable device too.
The IoT security is a massive problem at the moment. Better said, the lack of IoT security. Most of the “things” you can buy are “packed” with vulnerabilities. It is very easy, to “mess up” with the IoT security of these devices. For example, there is a top ten most popular IoT devices you can buy right now and you know what? Every single one of them has an average of twenty-five vulnerabilities. A piece! Many of these “holes” are severe, conform to a team of experts from HP.
The team from HP have found 250 flaws across the checked IoT devices. Each of these devices had some form of weak cloud protections or insecure remote application components. Moreover, nine of them collected personal user data. Let’s put it this way. There is no IoT security at the moment.
IoT Security – Your Life Inside Your IoT Device
How ironic is this? You buy a smart device to help you, but it rather hacks you. Collects your data. More like a Trojan horse. You get it in the house because it might be good for you. In fact, once the gadget is in the house, things can get quite scary. You see, most of these IoT devices are going to collect your credit card details. Your date of birth, your name and even your address.
A bigger problem is caused by the fact that most of these IoT devices are sending your data to the cloud, by using your home network. The data is not encrypted; hence, you are just a network misconfiguration away from exposing your data to the world, via your own WIFI network. Not what you would call IoT security, is it?
But it does not stop here. In fact, it gets even worse. Some of the cloud services that these devices use, come with privacy concerns. More and more third party companies race to take advantage of the cloud platforms. These companies provide third-party services to the device manufacturer, services that you, the end user use, benefit from and don’t care much where they come from.
In reality, these third party companies have access to your data too. Parties you are not aware off. Parties that are running behind the scene. Parties that you do not have to approve. Parties that do not need your explicit consent to handle and use your data. In an ideal scenario, these parties should be vetted. These third party providers should pass an IoT security check and get the clearance to work with your data.
IoT Security – Where Are The Standards?
It is true, these third-party services are useful to the user. You get that “extra” bit for the same buck. Still, there are many raising questions here. Do these devices need to collect your personal information to function? Do they depend on your data? Where do they store your data? What is the level of IoT security they have or, provide you with?
And then again, it does not stop here. Most of the IoT devices part of this test, were found to accept simple passwords. The researchers were able to use 12345 to “secure” their accounts. To top it up, the connection to your router was not encrypted.
Similar Read: Examples Of How IoT Can Better Our Lives
Six out of those ten IoT devices checked, had poor web interfaces that contained persistent cross-site scripting, poor session management, weak credentials and poor password-reset managers. It is like the wild, wild west. There are no IoT security standards at the moment.
All existing IoT devices must undergo an IoT security review. The manufacturers must cover all components and build their next IoT devices according to the latest security standards. The makers must apply infosec to all stages of the development lifecycle.
As the number of connected IoT devices is on the rise, the IoT security concerns are also growing. The IoT devices can do much more damage in the long run. Damage to a business. Damage at a personal level. As a comparison, two security holes on a mobile phone can be translated to over fifty concerns on an IoT device.
Just consider multiple IoT devices in an interconnected home or a business space. It would be a disaster. If you make IoT, if you use IoT, you must take that extra step. Stay IoT safe, stay IoT secure.