There is a lot of talk about how the Internet of Things (IoT) is making our homes smarter, which effectively boils down to making our lives more comfortable, reducing energy consumption and creating opportunities that were previously inconceivable. But as our homes become “smarter” from a utilitarian perspective, they are becoming dumber from a security point of view, and they are opening up some pretty nice opportunities for burglars, cyber-criminals, and anyone who wants to do us harm to carry out their evil deeds.
IoT doorbells that can reveal your WiFi keys, Barbie dolls that can spy on your kids and fridges that give away your Gmail credentials are just some of the vulnerabilities that have been discovered in recent months.
Many problems and mistakes are lending to the lack of security in IoT space, the least of which being that the industry is still in its infancy. We’re feeling our way in an uncharted territory and there is a serious lack of security standards to regulate vendors and manufacturers, and there are too many evolving and moving parts. This effectively pushes developers and manufacturers to create products with functionality as the main focus, security as an afterthought.
This is an approach and attitude that needs to be changed, and eventually will change, if IoT is to survive and become one of the biggest things that happened in human history. There are already some hopeful signs that it is being taken more seriously, including a government-led solicitation aimed at encouraging IoT security improvement, and the establishment of the IoT security foundation, a body dedicated to vetting new gadgets and setting standards for IoT security.
But the one thing that will remain constant for the time being is the fact that many IoT devices are inherently unsafe, because they lack the necessary hardware and software infrastructure to deal with the multitude of threats they face in the cyberspace.
Antivirus software and sophisticated security and encryption protocols require a minimum amount of processing power and storage capacity, which is easily found on generic computing devices such as PCs, laptops and most smartphones. But such isn’t the case with IoT devices such as smart light bulbs, sensors and kettles, which have been equipped with low-end processors and little-or-no storage capacity in order to keep the costs and energy consumption low. Some of these devices don’t even have a stable operating system.
Updates are also an issue. Many devices don’t have any mechanisms for automated or OTA updates and the task is left to the user. Some devices don’t even have any updating mechanism at all and are doomed to live their entire lives suffering from whatever vulnerabilities they were initially created with. I don’t know about you but I don’t like the idea of manually updating tens and dozens of devices scattered across my home through unintuitive interfaces. And I’m a software developer, which means I’m used to seeing CLIs and buggy software interfaces. I don’t even want to muse on how the average user feels.
So effectively, these devices are being sent into one of the most hostile and toxic environments in the world (i.e. the internet) without the means to protect themselves. And the worst part is that not only are they defenseless against hacks, but in many cases they open up attack vectors and other loopholes for hackers to exploit and become beachheads for bigger breaches in networks.
Now why do I say homes are especially “dumber” and more vulnerable? Simply because that’s what they are: homes. They’re not huge enterprises or even small and medium businesses that have a minimum IT and security staffing who are at least trained in the basics of cyber-hygiene and -security. They don’t have sophisticated network security solutions that can peruse and analyze gigabytes of network traffic per hour and block most threats before they even reach the end-device. They are run by average people who might not have the least idea of the threats they face when they use repetitive passwords or fail to change default passwords that are set on their devices.
That’s why we need smart solutions that can assist smart-homes in maintaining the security of the dozens – and very soon hundreds – of dumb devices they house. I love IoT and truly wish to see it grow to become the phenomenon it is destined to be. There’s just so much that needs to be fixed. I’ve written about consumer-level solutions that help address IoT security issues in home networks. I’ll be tackling this issue again in my future articles.