WOT logo

Why early adopters need to think twice about the Internet of Things

IoT security concerns for early adopters

The IoT dream

It’s an exciting time to be alive. With the development of the Internet of Things, we are witnessing the unfolding of the next era in product and computer evolution. As we progress, we shed the past, replacing it with new technological gadgets designed to remove our worries and expand our possibilities. With an expected 6.4 billion devices to be connected to the Internet of Things by the end of 2016, this number is expected to grow to 20-50 billion by 2020. The IoT has only gotten started, and will continue to grow and reach every aspect of our lives.

3 examples of how the IoT improves our lives:

  1. Baby monitors: Want to check up on your toddler while you’re in the other room – or even at work? Just open the special app on your phone and you can see your kid through the camera on your baby monitor in real-time.
  2. Wearables: Smartwatches and fitness devices help us track our activity rates while smartwatches give us updates from our phone in real-time.
  3. Nuclear power plants: Ok, this is a step up in terms of scale – but with hundreds of thousands of pieces of equipment and hundreds of employees per plant, it’s important that every action be closely monitored and analyzed for safety and maintenance, and the IoT helps streamline these processes.

The IoT nightmare

A storm is brewing, and the IoT is at the center of it. As sensors and connectivity become cheaper, more and more things become connected to the internet. However, the moment a device is connected to the internet, anyone can access it with enough sophistication and motivation. Even more concerning, most attacks on the IoT will be invisible and nearly impossible to detect. And this is where the dream gets dark.

  1. Baby monitor webcams have been hacked to show images of sleeping toddlers to the whole internet.
  2. Wearables allow us to track every moment of certain aspects of our lives, such as fitness routines. The more connected they become with our phones and homes, the more these provide access points to our more personal information to the whole world.
  3. Nuclear power plants don’t require much imagination to picture the scenarios that could happen when IoT security goes wrong. Worst case scenario – we have a meltdown on our hands.

For those of us who are gadget lovers and just NEED to have the latest device – it might be better to stave off the urge. While the average person has relatively few wearables and IoT devices in our lives today (0-5), we expect to see “smart” versions of more articles of clothing and appliances in the coming years, and each person will be connected to dozens of IoT devices. Being the first to own a new device that’s connected to the IoT can put you at risk as many of these devices are not built with security as the top priority.

How is it that “smart” devices reaching the market are not secure?

Manufacturers are under pressure from the market to reduce costs so their products are competitive on the market. As a result, development processes are rushed and many devices are brought to market without security being taken into consideration.

According to research by Auth0, 52% of consumers don’t believe the IoT has the proper security measures in place. But a staggering 90% of developers don’t believe proper security is in place for the IoT. Despite low levels of trust and widely publicized scandals with security breaches, demand is continuing to grow, and will likely continue at an exponential rate

The bright side – and what can you do

There is some light in this tunnel we’ve started down. Governments, the community of IoT users and developers are taking the security threats seriously, and calibrating their moral compass. The IoT community is recognizing early on in the life of this industry that without precautions and efforts to minimize vulnerabilities, anyone can abuse IoT user’s privacy in the future. Two such organizations that have come together to create guidelines and raise awareness are:

The IoT Security Foundation – an organization who’s goal is to “promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems.”

I Am The Cavalry –  “a grassroots organization focused on issues where computer security intersect public safety and human life.” January of this year they released the Hippocratic Oath for Connected Medical Devices, which can be read here.

A couple of IoT security tips

When you get a new device that’s connected to the IoT, ALWAYS change the password. Our tip: make it weird.

Update the software regularly to make sure you get the latest bug fixes and security patches.

Bottom line

Gadgets are cool. We all love having them. Most of all we love getting the latest one and seeing how it works, showing it to our friends and experimenting with how they can integrate with and improve our lives. However, given the state of security risks, it may be better to not to be an early adopter until we get security figured out.

4 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *