The Internet of Things is big, and getting bigger. Breakthroughs in technology, falling costs, and a growing market mean it is an increasingly exciting space to get into. Yet, as with all growing technological innovations, it has its security challenges. Let’s take a look at some of the security concerns thrown up by IoT and how to tackle them.
Many companies don’t think about the security of IoT devices, as before embedded devices could be connected to the cloud there was no need. Connect any device to the internet, however, be it a laptop or a toaster, and all of a sudden security concerns arise. As IoT devices connected to the cloud proliferate, so do opportunities for hackers to gain entry to your devices and - through them - your server.
Often vendors don’t understand that the simple process of adding internet functionality to their devices - even if they are not traditionally internet devices - could compromise the whole network.
This risk only becomes greater as devices gradually become more interconnected, and when we take into account the fact device protocols used by IoT may not have gone through the same testing for vulnerabilities as that which traditional software goes through. It is a new industry, with developers unable to work from a manual in many cases and solving new problems. Though devices will be functional, they need to be properly tested for security issues.
These potential threats are scary enough when it comes to the Connected Home and your personal security, but let’s not forget IoT goes far beyond that, into the likes of financial services, healthcare, oil and gas, electric, and government. Yet awareness of security risks still seems to be lacking, with perhaps only a well publicized attack with serious loss of data likely to make people sit up and take notice.
Still, there are some companies handling security for IoT, though major firms have not yet taken the lead on it. Yet companies and individuals using IoT also need to be aware that these security firms can’t do everything. If a user doesn’t change a preset password, and a hacker gains access to their device and server, it is out of the company’s hands. Preparation needs to go in from all sides before devices are rolled out to ensure security.
This preparation is hampered by the fact that patching vulnerabilities as you go along is usually cheaper than making sure the IoT product is secure from the start. Patching can actually make issues worse, confusing customers and leaving products open to attacks. Best to make sure security protocols are in place from the beginning, and that customers know what they need to do to keep themselves secure at the time of purchase.
Better encryption is necessary. Many analysts believe poor implementation of cryptographic features could be a major weakness in the face of attackers who could reset them. Poor passwords are another issue, with customers needing to be educated on the need to reset passwords upon purchase, and how to make those passwords most effective. Currently, too, IoT devices might lack of the processing power, compounding security issues. However, this will change, but in the meantime companies need to be aware that there are potential problems and make sure they are covered.
You might think that as an IoT business your first priority is functionality, but in terms of keeping you and your customers secure, making sure your solutions are protected against malicious attacks must come at the top of the list.
Other articles in this section
The first thing to know about code reviews is if you think they’re easy, you’re probably terrible at them. But don’t feel bad.
Developments within the Internet of Things (IoT) space are happening at tremendous speed, but the pace of this change creates challenges from a security standpoint.
A good user interface is an essential part of great software development. A user interface is the “front-end” that allows the user to easily interact with your software.
Brian is a life-long software developer who loves to help others succeed. A frequent source for media outlets, such as BBC, Entrepreneur and Bloomberg, Brian also frequently speaks at universities, conferences and the like. His new book, "Unravelling the Internet of Things" will be available soon on Amazon.com.