ERP News

IoT Security – The Trojan Horse Is In The House


There is quite a lot of hype about smart, connected devices at the moment. CES 2016 brought back the appliances that can make your life easier. You saw the vacuum cleaners that work on their own and message you when the house is clean.

You must have heard of the smart fridge that can check what is in the fridge, whether it has expired or not, and order food on your behalf. Or keep an eye on the beer and let you know when it is “that cold.” I’m sure you’ve also heard of the smart coffee machine that knows when you are awake and makes your latte while you’re still in bed. Or that washing machine that’s never going to run low on washing powder.


Everything sounds and looks perfect. These devices are here to help us, to make our lives easier. But let me ask you something. How secure are these devices? What do you know about IoT security? Let’s not forget one thing. Everything connected to the internet can be hacked. A smart, connected device is a hackable device too.

IoT Security graphic by HP

Most of the smart “Things” you’ll find on the market at the moment are “packed” with vulnerabilities. It is easier than you can imagine to break the IoT security of these devices. Every single device in the top ten most popular IoT devices you can buy right now has an average of twenty-five vulnerabilities. Apiece! Many of these “holes” are severe, according to a team of experts from HP.

The team from HP found 250 flaws across the IoT devices it checked. Each of these devices had some form of weak cloud protections or insecure remote application components. Moreover, nine of them collected personal user data. Let’s put it this way. There is no IoT security at the moment.



How ironic is this? You buy a smart device to help you, but instead it hacks you. It collects your data. More like a Trojan horse. You get it in the house because it might be good. In fact, once the gadget is in the house, things can get quite scary. You see, most of these IoT devices are going to collect your credit card details. Your date of birth, your name and even your address.

A bigger problem is that most of these IoT devices send your data to the cloud over your home network. The data is not encrypted; hence, you are just a network misconfiguration away from exposing your data to the world via your Wi-Fi network. Not what you would call IoT security, is it?

The cloud service that these devices use presents a significant privacy concern. More and more third-party companies race to take advantage of the cloud platforms and the services these programs provide. That means more parties have access to your data. Parties you are not aware of. Parties running behind the scenes. Parties you do not have to approve. These parties should pass an IoT security check to work with your data.



It is true, these third-party services are useful to the user. You get that extra for the same buck. Still, this raises many questions. Do these devices need to collect your personal information to function? Do they depend on your data? Where do they store your data? What is the level of IoT security they have or provide you with?

However, it does not stop here. Most of the IoT devices in this test were found to accept simple passwords. The researchers used 12345 to “secure” their accounts. To top it off, the connection was not encrypted.

Six out of ten IoT devices had poor web interfaces that contained persistent cross-site scripting, poor session management, weak credentials and poor password-reset managers. It is like the wild, wild west. There are no IoT security standards at the moment.

All existing IoT devices must undergo an IoT security review. The manufacturers must cover all components and build their next IoT devices according to security standards. The makers must apply infosec to all stages of the development lifecycle.

As the number of connected IoT devices is on the rise, IoT security concerns are also growing. IoT devices can do much more damage in the long run, at a business or a personal level. As a comparison, two security holes on a mobile phone can be translated to over fifty concerns on an IoT device.

Just consider multiple IoT devices in an interconnected home or business space. It would be a disaster. If you make IoT, if you use IoT, you must take that extra step. Stay IoT safe, stay IoT secure.
