Internet of Things : Security is getting better, but far from secure

Shane McGlaun - Aug 27, 2015, 7:25 am CDT
0
Internet of Things : Security is getting better, but far from secure

Connected devices are common all around the world today and becoming more and more common. In years past the only things that were typically networked were computers, tablets, and smartphones. That is all changing with cheap sensors and chips that allow literally anything to be placed on a network. Appliances are getting network capabilities for all sorts of new features.

Sensors that you can place on devices that didn’t initially come with IoT capability are available as well. The issues that surround the IoT are the same issues that surround any networked device with the big issue being privacy and security. Most people don’t want other people being able to access data from networked devices in their home or office.

Consumers’ Concern

The big concern is that something like your car or refrigerator that is networked might pose a security hole that allows nefarious users to access your network, potentially exposing your person data by giving access to devices on your network like computers that have personal information on them.

There will be multiple solutions to making the IoT safer for use, the most important will be some sort of firewall or security measures built into the chips and add-on sensors that are on our devices. It may be handy for your fridge to tell you that you have an appointment today, but I don’t think many people would be willing to have a fridge be a glaring security hole for the rest of their network to avoid opening the calendar on their smartphone.

Flawed Implementations

The connectivity between the IoT sensors and devices and your network will be encrypted to help protect the data from prying eyes, but that might not be enough. A Samsung connected refrigerator was attacked during a DEFCON black hat event in Las Vegas and the researchers found that the fridge was lax when it came to security. Specifically, the Samsung RF28HMELBSR smart fridge uses SSL, but it doesn’t verify if certificates are valid or not. That allowed the hackers to perform a man-in-the-middle attack to steal data.

This particular fridge offers connectivity to allow you to have your Google calendar on the door, among other things. By allowing hackers to steal passwords and security tokens from the fridge, the hackers could then expose the user’s Gmail account which might be a much riper target with lots of personal and business information at the hacker’s finger tips.

Marching Forward

In the next year or so, companies who are making these IoT devices need to focus much more heavily on securing the devices. It may be trivial sounding if your fridge gets hacked, but if it exposes your email account, which in turn exposes your tax returns your identity could end up stolen potentially leaving you with some serious problems.

IoT device makers need to view their devices as potential access points and build very robust security. That security also need to be extensively tested before the products are placed on the market, not after. We can’t stop the IoT from happening, all we can do is hope that manufacturers think hard about security and the fact that devices as random as your car or your refrigerator could leave the door to your network open for thieves. If manufacturers don’t consider security while building the chips and devices that support IoT, security issues could leave consumers running away from connected products. Secure IoT devices are a good thing, IoT devices with poorly implemented security are an accident waiting to happen.

FTC has been pushing IoT device manufacturers to focus more on security. As consumers, we need to demand more accountability from manufacturers when it comes to security as more IoT devices turn mainstream. Early adopters like me however open ourselves to vulnerabilities – and that is by our own choice. For those who are still on the fence, I would suggest waiting until most of these IoT devices matured.

Dear readers – knowing that IoT security isn’t bulletproof, would you still jump on the bandwagon to adopt these tech today? Share your thoughts.

Photo Credit: ShutterStock


Must Read Bits & Bytes