How Security Must Adapt to the Internet of Things

Monday, August 10, 2020 by Shira Caldie


From Amazon’s Alexa to Ring’s Video Doorbell, the Internet of Things (IoT) continues its transformation of technology.  It is enhancing the way human beings live, but the speed of innovation is also presenting challenges for IoT security.

Security Concerns on the Rise

In light of recent cybersecurity cases, security concerns about IoT devices are on the rise.  The growing market for IoT gadgets has proven to be a challenge for businesses because of the risk the devices pose in a corporate office, particularly when used in conference rooms, executive suites and even low-cost building security camera systems.  According to Craig Young, a cybersecurity researcher at Tripwire, a major part of the problem is that firmware is not updated on a regular basis.

Furthermore, researchers at the University of Michigan were recently able to hack into the Samsung SmartThings Platform and control an entire home automation system.  Companies often install devices and are alerted to the security threat, but then ignore or put off patching the device.

Why is This Important?

Young also explains that the most common hack is to break into a connected home hub, which houses connected devices like door locks, motion detectors, sprinkler systems and alarm systems.  Surprisingly, at this time, there are only a few security apps that can monitor IoT devices.  When companies purchase wireless devices for their offices, like Bluetooth mice and wireless keyboards, they have very little knowledge of who develops the firmware that runs on them.  With no real adoption of security and the growing number of Internet-connected devices, threats will continue to increase.

Beware of Botnets

IoT devices can be susceptible to botnets: privately harnessed groups of systems controlled via malware.  Botnets mount distributed denial-of-service (DDoS) attacks against targeted systems.  Device owners should be conscious of what they connect to the Internet and change the default password to a hard-to-guess one.

How to Secure IoT Devices

Larger IoT companies, like Belkin, seem to be taking control and responding to firmware problems or are at least acknowledging the growing issue.

The best way to ensure data privacy and combat botnets is to configure devices that must authenticate against other systems to do so securely, with things such as unique IDs and passwords.  In some cases, it may also be possible to implement encryption keys to protect device identity.  Specific IoT devices with this capability include closed-circuit TV or DVR devices.  Other methods include issuing SSL certificates.  Researching and implementing these capabilities will be a good starting point for IoT security.

Due to the rise in IoT devices, attackers are now able to generate massive DDoS attacks against organizations.  Having a proper risk response plan in place will help to combat the traffic before it reaches the organization.

In addition, IoT devices can use hardware-based trust anchors known as “roots of trust”.  These use a trusted boot process to ensure devices operate in a known secure state and their contents remain private.

So while IoT devices provide large benefits, it is critical to educate, inform and prepare for security threats to individuals and organizations.