World News Tomorrow – Technology news
The internet of things. A mystery for some and a world of wealth for others. But mostly predominated by recent events like in the US where in big parts there was no internet for a while.
But there are unfortunately other recent developments showing attacks through servers managing connections with IoT devices. Known to be the largest DDOS attack using IoT infrastructure so far. This unprecedented event has risen big questions how IoT devices are being secured and if they are secured at all.
IoT devices are regarded as one of the biggest hypes and fit into the “gadget mindset” of many people. Using the smartphone is a part of acquiring access to these devices. People owning such devices, varying from camera’s to complete house control systems, can control them with apps on their smartphone.
Most of the developments of these devices are commercially driven and time is often of the essence. Putting the product on the market first is key for ensuring your position before the competitor does.
A slightly different image is seen with startups. These commercially driven start-ups have cash raised to develop the product and security is not a top priority. There is often just enough to acquire funding for the prototypes and ensure the testing of the equipment is according to regulatory and compliance affairs.
As far as Security is concerned there is limited legislation providing guidance to developers. This guidance is of the utmost importance. The events we spoke about are the signs of bigger events to happen. So the question we can ask is whether or not IoT is safe?
For that, we need to divide the matter into sections. The IoT devices and the IoT communication infrastructure. The lack of security measures and possibilities in security management has created a weakness to be exploited. Connecting to these devices is often done through open lines. So once “hacking” access to the device, it is fairly easy to follow further connections from the device to smartphones, Laptops, WiFi routers.
As security is not enforced by any regulation we see these devices being openly accessible not only in private homes but also at government sites and sites in critical infrastructure (power, gas, communication, water and even military sites).
IP-cameras are forming a favorite target as they give access to surveillance of critical aspects of either people’s homes or critical parts of buildings, sites and important locations.
The above commercial from a Dutch insurance company could not have made clearer where the dangers from IoT lay. The gadget-level of these solutions have a tremendous attraction to the public and there is little to no sense of security.
To make matters worse IoT data is harvested in an automated fashion where there is no control over who harvests it, where it’s going and who uses it. It is also unclear if and how producers create backdoors in their devices to enable harvesting of information for any third parties.
Is it all doomsday information or is there also good news? Luckily there are some private open source developments that shows one can develop products and services with good security in mind. However, they are thinly spread and struggling to get funding for their projects.
Legislation enforced by governments is what is needed to forcibly create this layer of security that we all currently suffer the consequences from. It needs to become a “top priority of all governments” to safeguard their people from being harmed by attacks.
Whether it is in their homes or through easy access to IoT devices on critical sites.
The issue of security is not addressed for the general public and certainly many of these products are used in critical infrastructure completely unsecured. The remaining question is if governments will step in to turn the tide?
By editor in Chief