The Internet of Things has seen unprecedented growth the past few years. With an explosion of commercial products arriving on the marketplace, the Internet of Things has entered the public lexicon. However, companies rushing to provide IoT devices to consumers often cut corners with regard to security, causing major IoT security issues nationwide.
In 2015, hackers proved to Wired they could remotely hack a smartcar on the highway, kill the engine and control key functions. Dick Cheney’s cardiologist disabled WiFi capabilities on his pacemaker, fearing an attack by a hacker. Most recently, the October 21st cyber attack on Dyn brought internet browsing to a halt for hours while Dyn struggled to restore service.
Although the attack on Dyn seems to be independent of a nation-state, it has caused a ruckus in the tech community. A millions-strong army of IoT devices, including webcams and DVRs, were conscripted with a botnet which launched the historically large denial-of-service attack. Little effort has been made to make common consumers aware of the security threats posed by IoT devices. A toy Barbie can become the back door to the home network, providing access to PCs, televisions, refrigerators and more. Given the disturbing frequency of hacks in the past year, IoT security has come to the forefront of top concerns for IoT developers.
SECURING CURRENT DEVICES
The amount of insecure devices already in the market complicates the Internet of Things security problem. IoT hacks will continue to happen until the industry can shrink vulnerable devices. Securing current devices is a top priority for app developers. Apple has made an effort to combat this problem by creating very rigorous security requirements for HomeKit compatible apps.
The European Union is currently considering laws to force compliance with security standards. The plan would be for secure devices to have a label which ensures consumers the internet-connected device complies with security standards. The current EU labeling system which rates devices based on energy consumption could prove an effective template for this new cybersecurity rating system.
ISPs COULD BE THE KEY
Internet service providers could be a major part of the solution when it comes to IoT Security. Providers can block or filter malicious traffic driven by malware through recognizing patterns. Many ISPs use BCP38, a standard which reduces the process hackers use to transmit network packets with fake sender addresses.
ISPs can also notify customers, both corporate and individuals, if they find a device on their network sending or receiving malicious traffic. ISPs already comply with the Digital Millennium Copyright Act which requires internet providers to warn customers if they detect possible illegal file sharing.
With the smarthome and over 1.9 billion devices predicted to be shipped in 2019, IoT security has never been a more important issue. Cyber attacks within the US frequently claim the front page of the mainstream media. CIO describes the Dyn attacks as a wake-up call for retailers. The combination of a mass adoption of IoT and an environment fraught with security concerns means there will be big money in IoT security R & D and a potential slow-down in time-to-market pipeline for IoT products.
Will the federal government get involved in instituting security regulations on IoT devices, or will it be up to tech companies and consumers to demand security? Whatever the outcome, this past year has proved IoT security should be a major concern for developers.