Just after I added some items to my Amazon shopping cart with my Echo and checked my heart rate on my Moto 360 (adding items to a shopping cart can be exhilarating), I came across this piece from Melissa Palmer. Gulp! Nothing like realizing you’re already surrounded by Internet of Things devices while reading about profound insecurity in the still nascent ecosystem!
I say nascent because IoT still hasn’t passed the Parent Test™ for me. I knew we’d hit smartphone maturity in 2011 when my mom finally got the iPhone bug. So we’ve got a few years until IoT hits what I would call robust adoption. Still, with the cheapness of compute and connectivity, the barrier for entry into the IoT space is incredibly low. This puts it at odds with most other technology trends that would impact security. Consider the PC had over a decade in business before it hit mainstream adoption, and the market didn’t saturate until long after. Even with that extremely long tail, security continued to be an issue (spoiler: still is). These were made by vendors with a considerable market and brand presence, who would be directly impacted by perceived (or real) security issues. In this environment, security threats still persist.
Now image IoT, which is still in its infancy. Amazon and Samsung have an early presence in the space, but it’s still wide open with a ton of new players. In the piece, Melissa points to the recent use of IoT devices in botnets, pointing out the exceedingly basic security vulnerabilities. Things like not being able to push automatic updates. My favorite is having the login and password both be “admin” with no way to change it.
There seems to at least be awareness that the situation is bad, with the Department of Homeland Security putting out guidelines for IoT. I guess crashing the East Coast’s Internet will do that to you.
But in the piece, Melissa rightly observes that a lot of this comes down to consumer perception of these devices. As IoT creeps into dumb appliances (thanks Samsung Smart Fridge!), consumers must be educated that these are now vulnerable. Right now, the companies pushing IoT just want to laud the benefit of a Crockpot with Wi-Fi. It’s really tough to do that while also warning them of security threats.
Some of these security issues will hopefully pan out as big players come to dominate the IoT market. Right now, there’s a bevy of fly-by-night OEMs dumping product into the market, with little incentive other than to sell as many units as possible. Theoretically, there will be a huge market incentive once a major brand comes in to clean up security. Of course, if this idea always worked, we wouldn’t have seen Samsung’s Note line literally go up in flames.
Just about everything has the potential to be Internet connected these days. Your watch, your car, your refrigerator, your house, the list is endless. This also goes far beyond the things we’re used to connecting to the Internet such as computers, phones, and cameras. The term Internet of Things, or IoT, has been coined over […]
Read more at: Securing the Internet of Things
- TELoIP and the SD-WAN Cook-off - April 21, 2017
- The Future of On-Prem in a Cloud World - April 21, 2017
- Rook is the New Flocker? - April 21, 2017
- Virtualization and Containers: All of This Has Happened Before - April 11, 2017
- TCP Terminators: An Expert Analysis - April 11, 2017
- Qumulo Secures Round C Prime Funding – My Conversation with Bill Richter - April 11, 2017
- CapEx on Cloud up 22% in 2016 - April 10, 2017
- IPv6 Hits the Weekend, Network Engineers are Programmers, and Epoch Rollover Considerations in Gestalt Networking News 17.5 - April 7, 2017
- Remembering the IBM 1403: Hammer Time - April 5, 2017
- AWS Coming to Sweden in 2018 - April 4, 2017