SIP eBook 2014 expertIP top banner update
News / Security /

Playing it safe with the Internet of Things

More than 25 billion smart devices will be online by 2020, and Gartner says most businesses aren’t investing enough in IoT security — we’ve already seen some ugly missteps. Here’s why identifying vulnerabilities and upgrading your cyber-security framework should be a priority.


ID-100263210 copy

I’m looking forward to the day my smart refrigerator tracks my coconut water consumption and automatically reorders when my supply is low. As a geek who uses smart devices to track fitness and health statistics, I can see the potential benefit of effortlessly sharing that information with my family doctor.

Like many people, I’m curious about the promise held by the Internet of Things (IoT) as more than 25 billion smart devices are enabled by 2020. I’m also worried about potential hacks and privacy violations.

Some of the most worrisome cases of IoT hacks have involved medical devices with detrimental — and sometimes fatal — consequences on patients’ health, according to a recent Techcrunch article.

“Wearables also can become a source of threat to your privacy, as hackers can use the motion sensors embedded in smart watches to steal information,” writes Ben Dicksen.

Understanding which vulnerabilities pose the biggest threat is important. The Open Web Application Security Project (OWASP), which has been studying IoT threats for several years, cites the top three vulnerabilities as an insecure web interface, insufficient authentication and insecure network services.

According to Gartner’s recently released report on Security for the Internet of Things, the IoT introduces a range of new security threats and challenges — to IoT devices, their platforms and operating systems, their communications, and even the systems to which they’re connected.

But most organizations aren’t giving IoT security its due. Gartner reports the majority allocate less than 10 per cent of their IT security budget to IoT, despite the fact that more than one-quarter of enterprise attacks will involve IoT.

It’s a bit like cat herding, and given the early days of development and the rush to market with products and platforms, we’ve already seen some ugly missteps.

Samsung may have jumped the gun with its SmartThings platform, according to The Verge. Researchers at the University of Michigan uncovered multiple design flaws in the platform that “could allow a malicious app to unlock doors, set home access codes, falsely set off smoke alarms, or put devices on vacation mode, among other attacks.”

Similarly, webcam vulnerabilities were exposed when IoT search engine Shodan launched a section that lets users browse webcams, including images of marijuana plantations, back rooms of banks and children.

Although the cameras used the Real Time Streaming Protocol to share video, they didn’t have password authentication in place, explained cybersecurity reporter J.M. Porup in a post from Ars Technia UK.

“Shodan’s image feed highlights the pathetic state of IoT security, and raises questions about what we are going to do to fix the problem.”

Network and systems administrators in the research or execution phase of IoT projects should use scenario-driven approaches when provisioning solutions, advises Gartner.

“Do not attempt to acquire a ‘one size fits all’ product or service at this stage. The number and type of IoT devices and support systems will continue to resist clear classification at least until 2018.”

Gartner also recommends upgrading cyber-security frameworks by assessing integration points in networks for IoT and determining gaps in capability and infrastructure.

To stay safe, companies will need to invest in IoT security. For better monitoring, detection and shielding of IoT, Gartner suggests allocating between five and 10 per cent of your IT security budget.

Image courtesy of Free Digital Photos

SIP eBook 2014 expertIP bottom banner update
Comments are closed.