Posted By Simon Montford on April 1, 2016
It is generally considered that the IoT is a good thing. This is because it will make cities cleaner and more efficient, add trillions of dollars to the global economy by increasing productivity, and comes with the promise of making our lives longer, healthier, and happier. That's the good news, but as the number of devices connected to the Internet increases, so too will the risks associated with security breaches.
Industrial equipment and other strategic assets will become increasingly attractive targets, as will our personal data. This is because devices worn on our bodies, embedded within us, and located within our homes will continually harvest huge volumes of extremely personal information about us. This data containing details of our location, finances, health, and more will become potential gold dust to third parties. This is fine if the data is shared with our consent, and used for valid purposes, but if it is hacked the consequences could be dire. Potential hazards include identity theft, blackmail, and harm to people and property. Examples of worst case scenarios include interference with medical devices, hijack of autonomous vehicles, and destruction of critical national infrastructure.
Within the context of consumer electronics, the nature of security breaches will increasingly become personal. For example, someone may use a smart domestic appliance which is not adequately protected, to gain access to a home's wi-fi. This could result in the hacker being able to circumvent security systems such as connected doors and window locks, snoop on the family's email, and spy on them via their webcam, smart TV, and baby monitor.
The good news is that there are ways to increase security thereby preventing breaches. Connected devices are often easy to hack because either the consumer hasn't set the device up properly, or they haven't entered a sufficiently secure password. By simply ensuring that devices are installed adequately, risks can be mitigated. The burden of responsibility does not, however, fall entirely on the consumers' shoulders. Often OEMs take an "MVP mindset", which means that they are more concerned about building and shipping products, than they are about security. MVP stands for Minimum Viable Product, and is a mantra used by many startups, the kinds of scrappy organisations that raise money via crowdfunding sites like Kickstarter. On the one hand they should be admired for their "move fast and break things" approach, but on the other they need to understand that although a "ship and forget" attitude may be tolerated by technically sophisticated early adopters, it won't wash with general consumers.
This, and other topics relating to the security of connected devices and the IoT in general, were covered during the most recently IoTEdinburgh Meetup. The audience heard three excellent talks, which are now available to watch in full via Youtube, or you can click on the following embedded videos (below).
Robert Hayes (Microsoft Enterprise Cybersecurity Group)
Robert has a unique profile of skills and experience, which has enabled him to become a trusted and valued strategic advisor to Ministers and senior leaders in the global public and private sector. He is a high profile keynote speaker, with an excellent media presence, who uses his exceptional personal network and refined influencing skills to open challenging, but important doors for the organisations he has worked for.
Roger Whiteley (Fujitsu Distinguished Engineer)
Roger's primary skill is that he makes things work in harmony, which is becoming increasingly paramount in the era of the IoT. This is because there is an urgent need by companies and end-users to stitch the new generation of connected objects together so that they can be made to operate in a more intelligent, co-ordinated way. Roger is an IT veteran, and archetypal geek. He has a passion for science, technology, architecture, and the environment. His career started in the ear of Basic and COBOL, but today he programmes in Python, HTML, and... Scratch!
David Rogers (Founder and CEO at Copper Horse Solutions)
David Rogers chairs the GSMA Device Security Group, sits on the Executive Board of the IoT Security Foundation and teaches the Mobile Systems Security course at the University of Oxford. Copper Horse Solutions provides mobile phone, IoT and connected car security expertise. The company is currently developing products for the Internet of Things as well as developing software for various mobile and IoT platforms.
© Simon Montford (WEB3IOT), 2014-2019. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Simon Montford and WEB3IOT with appropriate and specific direction to the original content at web3iot.com.