Bridging the IoT Innovation-Security Gap
February 7, 2020
There is a problem with the Internet of Things: It's incredibly insecure.
This is not a problem that is inherent to the idea of smart devices. Wearables, smart houses, and fitness tracking apps can be made secure -- or at least more secure than they currently are.
The problem, instead, is one that largely has been created by the companies that make IoT devices. Many of these devices are manufactured by relatively small, relatively new companies with little expertise when it comes to cybersecurity. Even large companies, however, and even those that produce thousands of hackable smart TVs a year, cannot be forgiven so easily.
In truth, when it comes to the Internet of Things, many companies have prioritized connectivity and "innovation" (read: popular but insecure features) over cybersecurity.
These approaches have led to a variety of security vulnerabilities in IoT devices.
Perhaps the biggest problem when it comes to the cybersecurity of IoT devices is that many companies simply don't support them after release. In fact, many IoT devices don't even have the capability of being updated, even against the most common types of cyberattack.
This means that even a device that was secure when it was released can quickly become highly vulnerable. Manufacturers often are more focused on releasing their new device than on spending time to patch "historic" security flaws. This attitude can leave these devices in a permanently insecure state.
Failing to update these devices is a huge problem -- and not just for consumers who have their data stolen. It also means that a company's devices can fall victim to a single, large cyberattack that could ruin their reputation and erase their profitability.
A second major -- and avoidable -- problem with IoT devices is that they ship with default passwords, and users are not reminded to change them in order to secure their home IoT networks. This is despite industry and government-level advice against using default passwords.
This vulnerability led to the highest-profile IoT hack to date, the Mirai botnet, which compromised millions of IoT devices by the simple method of using their default passwords.
Though some UK-based Web hosts detected the attack and blocked it from reaching consumer devices, dozens of manufacturers had their devices hacked in this way. Nevertheless, in the absence of legal requirements against using default passwords, they continue to do so.
IoT devices are particularly susceptible to hacking for a more complex reason: They are integrated into the home and corporate networks to a degree unprecedented in traditional systems.
IoT devices typically have a very rapid development process, and during this rush there appears to be no time to think through what such devices actually need access to. As a result, a typical IoT device, or app, will...