Smart Home

The pitfalls of IoT devices and how to address them

Many challenges affect IoT security, and the top issue is that no connected device can be secured 100 percent. What’s worse is that not much has actually improved since Former US Vice President Dick Cheney’s wireless pacemaker was disabled to prevent attempts on his life. That was nine years ago!

Recent DDoS attacks prove that 500,000 devices can be hacked in less than five minutes and turned into botnets, because they haven’t been, or can’t be, updated. Some researchers expect connected devices to reach 50 billion by 2020 while others forecast 20 billion by that date. One thing is clear; the number is growing to four devices per user, at least, and we haven’t seen the worst yet. What will happen when billions of connected devices, with old software, are turned into weapons to attack organizations, cities and even governments?

IoT security is right where we left it nine years ago, although the number of connected devices keeps on soaring. This issue is vital but manufacturers keep ignoring it, while users are as naïve as ever. The only winners in this are hackers, who take advantage of the many opportunities created by the lack of infrastructure to protect IoT and mobile devices.

We’re going through tremendous online transformation, yet the threats we’re dealing with are “beyond the devices used, as hackers will not only target your devices but all the data stored in the cloud,” Emmanuel Schalit, CEO of Dashlane, a password managing company, said in a panel talk at WebSummit last week about how to protect connected devices.

We already know users are a liability, but they also carry great responsibility. Even high-profile officials come up with the weakest passwords and reuse them for multiple accounts. Remember the Podesta email leak fiasco?

Most likely, password security is not the answer anymore. In fact, we need to get rid of them and find a way to secure IoT without involving humans because “consumers have a short memory on breaches,” said Rami Essaid, co-founder of Distil Networks. Instead of demanding better security, users expect dozens of fancy features which only increase security risks.

“Human authentication is not scalable because you can’t type passwords or download firmware updates every day for each device in your smart home,” explained Essaid.

IoT devices are entry points for hackers, but smart homes are not the only areas posing risks to our privacy and safety. Power grids, medical devices, water mains and smart meters collect critical data in real time and, if abused, the consequences could be crucial for entire city infrastructures. These devices need unique in-built security that stands the test of time, even 10 – 15 years from now, so vulnerabilities can’t turn them into backdoors to the cloud. Upgradeability may solve a problem or two, if properly focused on the future, to ensure security holes are detected as soon as possible instead of a year later, as is the case now.

Although governments have made some effort to come up with measures, chances of having unitary regulations for IoT are small, mostly because governments are at least five years behind when it comes to understanding technology and the industry, added Essaid. As we can’t rely completely on governments and manufacturers to fix this problem in the near future, educating users about the importance of online security is the most important step forward.

About the author

Luana PASCU

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.

3 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • I totally agree with the points discussed here, in future these devices are going to increase and even nowadays people are becoming dependent on IoT connected devices. The worst part is that some of the devices are literally without any security measures and it also collects more than needed data, so even a slightest attack can harm someone’s online presence.

    As the Internet of Things (IoT) continues to gain traction and more connected devices come to market, security becomes a major concern. Businesses are increasingly being breached by attackers via vulnerable web-facing assets. So, as you said definitely it's best that users start taking precautions rather than becoming victims due to silly mistakes made by us.

    • A security appliance is surely a good start. The BOX can not only scan inbound and outbound traffic for IoT devices, but will also scan your devices for vulnerabilities and let you know if your IoT gadgets are improperly confifgured. However, you <strong>should</strong> also check the reputation of the vendor you are buying your devices from. Does it have a history of ditching devices after one year and never provide new firmware for them? Does it take vulnerability reports seriously? If not, you're better off getting similar devices from vendors that do all of the above.