Helpful Tips For Securing The Internet Of Things
The Internet of Things (or IoT) has become one of this decade’s leading areas of technological progress, but unfortunately this has created avenues for malicious behavior.
Formerly passive offline devices are gaining a degree of sentience that would have seemed inconceivable a decade ago, recording and uploading data to internet portals about the minutiae of our lives. Even humble toothbrushes are now available with accelerometers and magnetometers that record pressure and movement during brushing, before uploading daily cleaning reports to the user’s dentist.
The IoT is transforming our lives, yet much of the data being generated is transmitted through unsecured networks with scant consideration for the risks of hacking or tampering. A report last month by internet security specialist BullGuard concluded that 66% of consumers are “very worried” about possible breaches of their data or hacked devices, yet almost three quarters of respondents don’t know how to protect themselves and their devices against security breaches. There are no common security standards across IoT-enabled devices, and consumers can’t reasonably be expected to know how to hack-proof a web-enabled thermostat or garage door.
These fears about data security are shared by senior politicians. The US Director of National Intelligence said recently that intelligence services might use the IoT “for identification, surveillance, monitoring, location tracking…or to gain access to networks or user credentials.” If governments are already anticipating such activities, it’s probably safe to assume that criminals, confidence tricksters and vengeful former partners won’t be too far behind.
What can be done to secure the Internet of Things?
The first step is to improve your technical knowledge. It’s vital to have a basic understanding of what data is being shared, which means reading the small print of IoT device documentation and checking what access privileges smartphone apps require. Location data is fine to share, but access to personal photo folders is not. Few of us want to study this small print, but it’s crucial for understanding how a smart TV or app-controlled burglar alarm really work.
Improving domestic security is also paramount. Many people use Wi-Fi routers without a password, or with the manufacturer-supplied password, yet IoT devices can unwittingly become gateways to a home or office network if the router is unsecured. The introduction of servers and firewalls should be investigated, two-factor authentication should be deployed whenever it’s offered, and consumers should use sophisticated antivirus software. A shocking 44% of BullGuard survey respondents thought antivirus vendors were responsible for securing IoT devices, which is more than the number of people who thought the device manufacturers were responsible. That suggests many people have no idea how internet security actually works, which in turn leads us back to step one above.
It should be acknowledged that manufacturers of IoT-enabled devices are recognizing the potential for security breaches, and an estimated $350 million will be spent this year on global IoT security. However, the complexity of introducing AES cryptography or digital signatures into low-cost gadgets will inevitably increase their price, and it’s important that consumers are willing to pay more for better security. Bio-identification or geographic restrictions on operation might seem unnecessary for an app-controlled coffee machine, but such safeguards may ultimately be needed. After all, any IoT device can present a security risk to a user’s home or place of work – or both – if it’s networked but unsecured.