4 Replies Latest reply on Mar 24, 2015 1:32 PM by gadget.iom

    Is IoT Security a Non-Issue?



      In an ever increasing world of connectivity the rise of The Internet of Things has sparked questions around security.

      More and more devices are being connected to the internet and smart homes are becoming more and more common place. I'm sure many people ready this will have a smart device  of some kind that is connected to the internet. There is no question that this is an exciting time for technology, and the lives we lead have been undoubtedly changed by IoT, mostly for the better in my opinion.

      But is the question of security really as big as it is being made out out to be?


      Many blogs and news articles are happy to point out all of the weak points in the security of IoT but how realistic is it to think that a home would come under cyber attack?

      People are concerned about their homes being hacked and businesses preciously guard all data and information behind complex and expensive encryption software, but is it all really necessary? Is IoT security more of an issue when it comes to businesses or are home networks just as much at threat?

      We'd love to hear your thoughts on IoT security and if it is, in fact, a real threat or a non-issue.


      Want more content related to IoT Security? Check out the articles below!

      The Basics of IoT Security

      What Marketing Won't Tell you About the IoT

      Security in Home Automation

      A Dangerous Cyber World

        • Re: Is IoT Security a Non-Issue?

          IOT security is  a huge issue - IMO it will be the limiting factor in IOT development and take up. Already we have seen that some TVs can be hacked to listen to you in your sitting room. We've seen the Stuxnet exploit used to significant military effect.

          If there are are literally billions of cheap devices running old software (and it will be old because the life of "things" is long compared with software) many will be readily hackable, and some will be in positions which will make them worth hacking.



          1 of 1 people found this helpful
          • Re: Is IoT Security a Non-Issue?

            It is an issue, and one that I feel will increase in severity as newer devices are released.

            Heatmiser are a classic example: http://cybergibbons.com/security-2/heatmiser-wifi-thermostat-vulnerabilities/


            "It's only a thermostat" you may say, but any internet connected device that allows a complete stranger to directly affect my utility bills, or even damage my property (damp, frozen pipes etc) is a bad thing indeed.


            Slightly more worrying in this case is the plaintext accessibility of the users password, with so many people reusing passwords what are the chances I could port scan on the IP address and find other IoT devices such as CCTV cameras, and then find the same password lets me in.


            If the holiday function on that thermostat is used, and another device on the network can identify the address, then I know where you live and when you're on holiday. Just do me favour and install a door entry system using the same password and I promise not to break your windows.

            • Re: Is IoT Security a Non-Issue?



              I think it is a huge issue, but resolvable if we want to.

              Consumer devices may be harder because of many factors - some devices/solutions cost-cut / rely on wild-west/kickstarter mentality / unawareness by consumers.


              For example, complete absence of any security protocols does not stop many kickstarter IoT-like projects raising $100k+ as we regularly see.


              However in the enterprise space, there are plenty of large multi-million $$ deployments - and they do factor in security needs otherwise they wouldn't exist.


              There are different elements to security, and it will take time in the consumer space. But not too long I think/hope. The danger is that despite security risks the benefits for some applications may persuade consumers to use non-secure offerings regardless. For example, a smartphone is probably less secure than a dumbphone, since third party smartphone apps may be malicious. But that doesn't stop most people ditching smartphones and just using their old GSM-era Nokias. Same as how people continue to use eBay despite them leaking people's personal data in that famous security breach a year ago.


              Also, as an example, we have no hope of typical consumers understanding (or wanting to understand) SSL. They understand a padlock in the browser (well, some consumers do). But a padlock doesn't guarantee that the remote site will not misuse data.


              Also, as the drive for IoT may drive IPv6 in contrast today in the UK at least one of the large SPs still does not offer IPv6 blocks to residential customers - and in some ways that may be more secure than NAT all over the place.


              Anyway, it is good to keep the visibility high on security - and highlight when solutions fall short like some of the kickstarter projects we see mentioned from time to time.

              1 of 1 people found this helpful