The internet of things needs security provision which is just as ambitious.
The mind boggling possibilities of the internet era are now finally coming to fruition. Although ‘The Internet of Things’, or ‘IoT’ as it’s known, isn’t a new concept (the first toaster connected to the internet was actually unveiled in 1989) it offers the tantalising prospect of an ever increasing network of physical devices, vehicles, inert objects and even buildings connected to the internet, each other and beyond. These devices will be available at our every whim, in fact IoT is guaranteed to be a massive part of our everyday lives, and probably sooner rather than later. Investment bank Morgan Stanley have predicted IoT will accelerate at a furious pace in the coming year whilst Business Insider UK predicts IoT will be “The world’s most massive device market and save companies billions of dollars”.
With this seemingly tidal wave of innovation and progress, what are the security risks? Are they being suitably managed to cope with this surge in advancement?
Smart energy meters and light bulbs for the home are amongst the first devices to be fully connected using wireless technology and are currently being rolled out across the country. Despite seemingly innocuous, researchers recently uncovered a total of nine vulnerabilities in a selection of internet-connected light bulbs, all of which had been made available to the public.
Leaving this network vulnerable and exposed did not just mean access to home lights were compromised but it left the home Wi-Fi network access exposed to potential online attackers or those with malicious intent. It was also reported that a password could have easily been extracted from the associated smartphone after a series of extremely remedial errors were committed by the firm involved.
When you add to the equation that these devices are fully capable of collecting and sharing data on an grand and minutiae scale then you can begin to see that susceptibility flaws in the IoT market really do open up a Pandora’s box of issues. From data theft to endangering personal safety there are a plethora of motives for would be attackers.
Considering that so many multi-national companies are urgently investing in IoT platforms for within the home setting you’d hope and assume that suitable level of security was an integral part of the business plan. However, cybersecurity expert at University College London, Professor Angela Sasse has suggested otherwise
“They may be able to test that the software does what it’s supposed to do – but they don’t always test the things it is not supposed to do”.
Internet guru and security expert Bruce Schneier takes the debate one step further and argues that the rush for IoT amounts to a “craze” and that the predicament cannot be solved within the market alone, instead governments must mitigate and make urgent provision. Aside from homes being compromised on a multitude of levels affecting personal safety, Schneier adds that hostile foreign powers might even take advantage of IoT national infrastructure, including voting machines (in the US) and industrial devices controlling major public facilities.
In short we report that security provision is greatly underprepared to deal with the tsunami of technological progress within IoT.