
If you use IoT, you're going to be attacked

By Eli Sabatier

IoT has been a hot topic for several years now, and for good reason. The proliferation of devices into people’s homes around the world has grown exponentially over the past 36 months, and continues to grow every day.

The most interesting part of IoT is that it seems to have become the direct representation of what the future embodies: constant connectivity and ubiquitous oversight of almost every aspect of daily life. From smart home speakers that deliver services and functionality through the likes of Alexa and Siri, to the new world of doorbell and home security cameras, and smart thermostats, the applications of IoT are nearly endless.

This is even more the case now that IoT has begun its foray into the world of business, with applications growing at the same exponential rate. Lately, IoT is being used for everything from tracking shipments, to monitoring IT systems, to medical monitoring devices, and more.

And while all of this seems to be right out of the pages of a Gene Roddenberry script, there is a concerning and dark side to IoT that is not being addressed—security.

For every device, whether for home or business use, the security protocols within the device can, in many cases, be all but non-existent. Pair that with the number of IoT security attacks in 2019 (2.9 billion events, a 300% increase over 2018) and the reasons to be concerned become crystal clear.

The issue in the industry is simple: a free market with little to no standards pertaining to security. In fact, according to several studies, the want / need / desire to implement security protocols within the industry hasn’t budged in over 15 years.

In most of the cases where IT security vulnerabilities are found, they reside within the device firmware itself. Research has shown that there are cascading points of failure within the devices that the manufacturers should know about, but either don’t know or choose not to care. For instance, compilers and firmware toolchains like Buildroot could be better used in flagging security issues for developers. Furthermore, MIPS (Microprocessor without Interlocked Pipelined Stages), which was considered by many to be a dying breed, is now making a comeback in the IoT space, but the architecture has potential security concerns.

So, all technology speak aside, what needs to be done? For one, regulations must be implemented within the IoT manufacturing space. I think we all agree that a technology sector without regulation and oversight is a dangerous thing and needs to be rectified. That said, there is little to do but hurry up and wait for that to happen, and I wouldn’t hold my breath.

I would firmly suggest that due diligence is the best way to move forward. The old adage of “If you want something done right, do it yourself” plays well for IoT. I would also suggest partnering with a company that knows IT security and has certified people on its team who can help test, discover, and block holes in the IoT security infrastructure to mitigate risk of a potential breach.

IoT isn’t going away, and neither are IT security risks. Preparing one for the other is the only way forward.