2015 was projected to be the year of the IoT. While it may not have been that, the IoT certainly continued to grow and continues to grow as we speak. Analysts are still predicting huge numbers of connected devices within the coming years. Even though the IoT has continued to grow and see innovation, one area is still not receiving the attention many people believe it deserves, and that area is security.
According to a survey by Auth0, more than 52 percent of consumers and 90 percent of developers are skeptical about IoT security. Those are huge numbers.
Securing the Internet of Things is an extremely daunting task. It is one that all companies must bear partial responsibility for. The difficulty lies within the fact that many companies are pouring their energy and effort into the user experience rather than security. Meaning that security is being overlooked. Not to mention that most of the companies working on these IoT devices are still in the startup phase and are low on resources, which means security is not even close to what it could be.
The director of the Internet of Things Security Foundation, John Moor, has described it has sleepwalking.
“If we are not careful we could be sleepwalking into a lot of problems, some of which may not have been seen before. There’s lots of focus on the innovation opportunities around IoT, but there has been relatively little on its dark underbelly to date,” he said.
Why Security is a huge concern for the IoT
Even after being around many years, the internet still isn’t secure. And it never will be. Even though security has been greatly improved from the early days of the internet, we as users are still willing to accept the risk that runs alongside using the internet. And now that data has become easier to access than ever before, privacy concerns are beginning to bubble. The IoT is going to face a very similar situation.
The concerns lie within the way the IoT works. The devices are always connected to the internet, making them vulnerable 24 hours a day 7 days a week. This makes IoT devices the perfect target for man-in-the-middle attacks, which try to steal sensitive information such as passwords.
When speaking with TechCrunch, Patrick Foxhoven, CTO of Emerging Technologies at ZScaler, explained, “More often than not, IoT devices are developed by companies with a different mindset – they think about user experience before security or compliance. These devices increase the attack surface of a network, and IT needs to put a plan in place to secure them.”
The problem is that it may not happen soon
According to developers surveyed by Auth0,“one reason for this is because IoT devices are often pushed to market too quickly, forcing developers to cut corners. If adding security components is resulting in a slower time-to-market, the chances are greater that they won’t be implemented at all.”
So we know that the IoT is vulnerable, but is it actually getting hacked?
One of the most famous hacks on IoT devices took place on baby monitors. Where hackers could get in and view the camera and even yell obscenities at the baby. Another famous hack took place on a Jeep Cherokee. Security researchers Charlie Miller and Chris Valasek hacked a 2014 Jeep Cherokee and exposed just how vulnerable these cars were.
Also during the same summer of the Jeep Cherokee hack, many others were discovered, including when researchers at the University of California at San Diego showed how they could hack a car using a small dongle that insurance companies ask drivers to plug into their vehicles. Using the car’s radio, the hackers were able to disable a Corvette’s brakes. These are some pretty serious hacks.
What’s being done to improve security?
The companies that have already been exposed by hackers have taken the claims very seriously. The Jeep hack led to Fiat sending out 1.4 million USB flash drives that contained a patch that fixed the security vulnerability. Tesla has had to send out multiple over the air updates to patch their security and the insurance company told wired that they sent out a patch wirelessly to the devices.
“We took this very seriously as soon as we found out,” Metromile CEO Dan Preston said in a phone interview with Wired. “Patches have been sent to all the devices.” Preston says the security update was created by Mobile Devices, and Metromile then transmitted it over the air to customers.
The good news about these attacks is that every single one of them was taken very seriously by the companies. I believe this is a good start in the right direction and that the companies are lucky that there are hackers out there who do this to protect people rather than harm them.
This leads to my next point. It’s not just the companies who are fighting for the security of the IoT, but rather everyone who wants to see it succeed.
The IoT Security Foundation is a non-profit that was built by a conglomerate of tech companies that vet IoT companies and products and try to expose any vulnerabilities that the products may have. Here is the IoT Security Foundation’s mission-
“Our mission is to help secure the Internet of Things, in order to aid its adoption and maximise its benefits. To do this we will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems.”
The IoT Security Foundation aren’t the only ones advocating for security. Microsoft, Google, Apple, and even smaller entities like Gemalto and researches at University of South Hampton are working to solve the IoT’s security problem.
Is the future of the IoT bright or bleak?
With this many companies working on the IoT’s security issue, I believe the future is bright. Our world is becoming connected and with over 10 million devices already connected to the internet, there is no going back. So instead of trying to stop it, we must continue to work towards a safe and secure connected future. With the IoT industry projected to reach $9 Trillion in sales by 2020, the IoT industry will attract some of the brightest minds in the world. I believe this will lead to the very important developments in IoT security.
What if the IoT dies before it becomes secure?
Some people worry that the IoT will die out before the security issues ever get fixed. Interestingly enough, studies indicate that while security is a concern for consumers, it hasn’t stopped them for buying IoT devices. The study by Auth0 found that nearly half (49 percent) of respondents don’t trust having their personal and private data tied to IoT applications, but continue to use these devices nonetheless. This shows that even security concerns aren’t stopping IoT adoption like predicted.
What needs to be done to make the IoT actually secure?
In my eyes, there are three main things that the IoT industry needs to focus on.
1. Secure the devices
The first and most important thing is securing the devices. IoT devices are always on and are always connected. That’s the point of them. If the IoT wants to truly succeed, the industry must focus on securing the devices.
2. Secure the data storage repositories
The second most important thing to focus on is the data. The IoT is meant to store mass amount of data. Securing this should be extremely high on the list for every IoT developer in existence. As large data breaches continue to be popular among hackers, data security must be figured out.
3. Solve the issue of over the air updates
Once those two problems are solved, developers then need to figure out over the air updates. When a devices such as the Jeep does get hacked, it is not feasible to send out flash drives to each customer and expect them to install the update. Over the air updates are an absolute must have for the entire IoT industry.
Overall, I’m excited about the IoT. I believe it will become more and more secure as time goes on and that developers and companies are taking the IoT’s security seriously. I believe the IoT will become a very powerful part of our lives and that even those who hate it, will be forced to adapt. So get ready business owners, marketers, developers, and consumers, because the IoT is about to take the world by store.
Do you think the IoT will become more secure? Or do you think security will continue to be placed last among the concerns of developers and companies? Let me know your thoughts below!