Whether it’s using Amazon Echo to control the heating and lighting in your home, remote analysis and diagnostics of your car’s performance, or the intelligent, automated management of your work environment, the Internet of Things (IoT) has already made its way into many aspects of the way people live and work today. And it’s only set to grow, with experts predicting as many as 30 billion connected devices worldwide within the next three years, a number set to reach 80 billion by 2025.
Of course, it’s inevitable that, as the number of connected devices continues to grow, so too will the volume and variety of vulnerabilities that will accompany them, not to mention the potential impact these could have if exploited.
A design flaw that affects the controller access network of most modern cars, for example, has been identified which could allow attackers to disable a vehicle’s safety features, such as its ABS brakes, power steering and airbags. And in the US, over 465,000 patients fitted with a particular connected pacemaker have been advised by the Food and Drug Administration to visit their doctors for a firmware update, in order to address weaknesses that could potentially lead to the device being exploited by hackers and the patient’s health put at risk.
Many such vulnerabilities may have existed for years, lying dormant, and are only now being discovered. As more connected devices are adopted and put into use, they will be increasingly interesting targets, a trend that is likely to continue for some time.
Safety and security as one
The IoT doesn’t only refer to consumer devices. The rise in automation in the manufacturing and engineering sectors has seen the advent of the Industrial Internet of Things (IIoT), which itself has led to something of a shift in mind-set as the technology brings the operational world and the IT world closer together.
Considerations around safety in the industrial workplace, for example, have traditionally been concerned with the physical protection of employees. However, as factory floors become increasingly connected, the concept of safety will become more closely intertwined with that of device security. It stands to reason that, when an entire manufacturing plant is made up of connected devices, its cyber security will be improved in order to ensure that not only are the factory and the machinery within it better protected from outside threats, but so too is the safety of the workers.
Security baked in from the start
With a growing number of hacks and breaches hitting the headlines on an almost daily basis, it’s little surprise that consumers are becoming increasingly security conscious. Awareness of issues around the security of devices, and the potential implications of any vulnerabilities being exploited, has not yet reached the point at which it will meaningfully affect consumer purchase decisions; however, the tide will begin to turn.
Manufacturers must take steps to properly address known vulnerabilities as well as have a process to correct vulnerabilities that are discovered efficiently and securely, or consumers will lose trust in their products, their brand and even the Internet of Things devices themselves.
>See also: The impact of the Internet of Things (IoT)
Manufacturers of connected devices will need to incorporate best practices and increase the rigour of the security design of their products. Consumer devices in particular, with a focus on flashy features and low prices, are often shipped with poor default security such as hardcoded passwords that users are unable to change, potentially opening the door to unwanted administrative logins from remote attackers.
To counter such issues, manufacturers will need to focus more on core software security; to be enforce and audit that it is developed using best practices, tested for vulnerabilities, and that there is a mechanism in place to ensure the authenticity and integrity of any future patches and feature updates.
Securing the IoT isn’t necessarily an easy thing for manufacturers to get right, but security should be viewed as an enabler of the IoT’s growth, rather than a barrier, and baked in from the start.
Those companies that can get this right will gain a huge competitive advantage over those who do not. And, commercial considerations aside, ensuring consumer trust in the security and safety of connected devices will help the IoT to flourish and grow, for the benefit of everyone.
Sourced from John Grimm, senior director of IoT Security Strategy, Thales eSecurity