Connected devices are on the rise and can be found at every turn – but how can we be sure they are keeping our data safe?
Are IoT developers paying attention to security?
You can now readily buy “smart” door locks, coffee machines, garden sprinklers and even teddy bears – all with their own apps and all connected to the internet. Such internet of things (IoT) devices are all around us, most visibly in the form of CCTV cameras and devices such as smart electricity meters.
Analyst Gartner predicts that there will be 8.4 billion IoT devices on the planet by the end of this year. But at present, many IoT gadgets are not as secure as they should be, and could put private data at risk, according to Scott Cairns, chief technology officer at T-Systems UK.
At present, many IoT gadgets are not as secure as they should be
Businesses using smart devices such as thermostats and security cameras need to be doubly careful. Mr Cairns says: “If your business uses these, you’re basically extending the boundaries of your corporate network. With any sensors that are being used in ‘the wild’, you need to ensure the data is being encrypted at that point; otherwise it may be at risk.
“What needs to happen across the board is what’s already happening in mobile, where companies such as Samsung have a good record of encrypting data on the device.”
Addressing the issue
Daniel Miessler, director of advisory services at cyber-security consultancy IOActive, says: “Security is the issue for IoT. Both companies and consumers are deploying IoT systems without understanding how those systems work – and what security implications they could have for the business, your home and your life.”
“Your security depends on who is producing your IoT devices but anyone and everyone is making them. It’s difficult to know your data is safe unless you shop carefully.”
Mr Miessler says that, in many cases, the gadgets are being developed too quickly – and without consideration for security. “Features and functionality usually trump risk considerations for consumers and businesses. It’s just human nature.”
Research by the Mobile Ecosystem Forum showed that many consumers are alarmed by the multiplying number of connected devices, with 60pc concerned about the issue and 62pc identifying privacy as their major concern.
“We’ve seen many examples of poor IoT security,” says Mr Miessler. “To list but a few: alarm systems that can be remotely opened by an attacker; hoverboards that can be reprogrammed; cars that can be turned off on the [motorway]; camera robots that can be remotely monitored; home video cameras that can be spied on from the internet; home appliances that can be hijacked into becoming part of a global botnet. We’ve seen so many things and IoT is really just getting started.”
These risks are not to be taken lightly – not least because companies could face costly legal suits if hackers use IoT devices to access private data, warns Jim Sherwood, partner and head of product liability at law firm BLM.
Mr Sherwood says: “If [the devices are] not correctly protected, hackers will be able to infiltrate devices simultaneously, meaning they could potentially have access to larger amounts of private data.We have already seen law firms in the US pursuing potential claims regarding [IoT-enabled thermostat device] Google Nest, and further claims are expected as this technology – and the threats associated with it – becomes increasingly commonplace.”
For full Story, Click here.