Tuesday, 17 February 2015

Is Internet of Things (IoT) A Security Timebomb?

Hailed as a panacea by those for whom the world cannot move quickly enough, the Internet of Things has been a long time coming. But is Internet of Things security up to scratch?

Several false dawns later, however, the Internet of Things is finally here. For me the tipping point, the moment of realization, was the arrival of the WiFi kettle – a device whose existence used to be an in-joke I shared with former colleagues. “When the WiFi kettle arrives”, we’d say, “then the internet will be complete”.

Now, though, it seems that the possibility of coming home to ready-boiled water isn’t so much a glorious triumph of connected technology as a reason to be fearful for our home security. Because, as a Gartner executive warned last week, the Internet of Things is opening up a new Wild West of internet security.

“Some of the leading vendors that are developing products are making some effort to address security concerns, but Gartner believes the majority aren’t at this stage – convenience, user friendliness, time-to-market all win out over security at this point”, said Earl Perkins, research vice president at Gartner.

He’s right. The reality is that in our eagerness to finally have the Internet of Things – and in the eagerness of companies to sell us the Internet of Things – security is being given a pass. 

You think internet security is a minefield now? What will it be like when every household has dozens of new devices connected to the internet, each with its own firmware and network access permissions?  

The multiplication of attack vectors is already borne out by a wide range of case studies. Baby monitors, which often come with two-way audio as well as one-way video functions, have been hacked by abusive – if not actually dangerous – individuals, most recently in Houston, Texas last month.

Then there’s Google’s much-vaunted Nest thermostat – the eco-friendly must-have smart heating solution. Last August, hackers took just fifteen seconds to re-root a Nest with infected firmware. Granted, it required physical access, which greatly reduces the risk, but as Computerworld points out, how many people might buy a Nest second-hand, or from eBay?

It goes on. Smart LED light bulbs have been hacked to reveal credentials for the WiFi network, allowing the hacker to control the lighting system. ‘Smart’ doorbells and entry systems have proven similarly vulnerable; the appeal to would-be thieves is obvious.

Internet of Things security risks aren’t limited to vulnerabilities, however. The very functions that make our connected devices appealing may also be our undoing, if they are not properly curbed. Samsung TVs have recently been revealed to be recording and collecting everything that is said within range of their microphones, and transmitting it to third-party companies.

Whatever the ‘Thing’ being hacked in the Internet of Things is, it doesn’t really matter. It can be your fridge or your front door – the risks are the same. Your WiFi details can be compromised, and your devices put to use in a botnet, facilitating further hacks. Or the various pieces of information your devices hold about your lifestyle can be put together to aid bricks-and-mortar crime, or to steal aspects of your identity you didn’t think possible. Your eating habits; how warm you like the house; the hours you keep; even the pet names you have for your spouse. What about when you connect your fitness band? Your weight, blood pressure and sleeping habits are now up for grabs.

Internet of Things devices need to be protected like computers, phones or tablets. They need to stop storing password data in plain text, and they need to be prevented from over-gathering data in commercial interests. They need to be better-made, and consumers need to be better-informed.

With a report recently published by the FTC, and Internet of Things security currently up for debate in the US Senate, maybe we are finally nearing some action on security for connected devices. But it can’t come soon enough.

Source:
welivesecurity.com
