Why the Internet of Things is a can of worms and how to keep it sealed

Innocuous devices that the Internet of Things search engine Shodan recently found to be vulnerable to cyber attacks include a teddy bearable to remotely send voice messages and a doorbell with a video monitor that can be remotely accessed by a phone. Unchanged default passwords and poor app configuration were discovered as the most prominent flaws affecting these devices.

Tom Lysemose Hansen, founder and CTO, Promon
Tom Lysemose Hansen, founder and CTO, Promon

Security providers need to rethink basic security functions of IoT-enabled applications before they are put to market. Here, Tom Lysemose Hansen, founder and CTO of Norwegian app security firm Promon, comments on the importance of comprehensively protecting apps that could present a portal for hackers to intrude into the wider lives of their owners:

Introducing a single object into a wireless network that is inadequately protected is a straightforward way of exposing personal data to an intruder. Fortunately, according to the security analyst that identified the threat, no external user exploited the attack vectors. This, however, is beside the point: it is typical that a successful attack vector could remain open to exploit data for some time before it is identified and patched.

Part of the vulnerability is due to the ease with which consumer goods can be cracked. If the default passwords are not changed – and I suspect with childrens’ toys this is the case – bypassing them is relatively simple. A patch can be introduced retroactively, but until then, the device could be a single entry point into an entire private network, enabling hackers to uncover sensitive data or relay false information. The model of using default passwords must be put to bed if IoT is to become an integral feature of domestic life, otherwise its associated dangers will overwhelm any perceived benefits.

According to Gartner, by 2020 a black market worth more than $5 billion will exist to sell sensor and video data extracted from IoT devices. This data will allow criminals to access privately held consumer information through man-in-the middle attacks, where attackers can drain data from customers’ accounts through an approved external request.

The developers of applications are all too eager to crack the simplest and least demanding way of controlling a device remotely, but – in order to maintain IoT’s pace of growth without muddying its image – adequate security must be developed in tandem.

The security of the IoT hinges on the apps used to access, monitor and control the device – whether it’s a mobile app used to control a doorbell or a teddy bear. It is crucial this app is able to self-protect, otherwise sensitive data, such as passwords, may be leaked and misused. Ideally, the device should verify that it’s being accessed from a trusted app, and this verification process should not rely on single static factors, like default passwords, but multiple factor authentication to ensure the integrity of the private network.

While the implications of a hacked banking application are widely recognised, wireless consumer goods now pose an uncertain threat. How app developers and manufacturers handle these threats will determine the success and legality of their entry into the consumer IoT market. It’s important that these early incursions on unsafe networks are nipped in the bud with effective security measures, namely the replacement of ineffective or unavailable anti-malware software with perennial in-app security and a more individualised, user-friendly password system.

The author is Tom Lysemose Hansen, founder and CTO of Norwegian app security firm Promon.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

A good connection is not just for Christmas

Posted on: November 25, 2021

Peak season trading this year is set to be more difficult than ever for retailers. Unprecedented supply chain disruption is threatening to decimate stock levels. Post-COVID customer behaviour is unpredictable with some customers relying ever more heavily on ecommerce; others heading to the high street to get ahead on Christmas buying in response to fears

Read more

stc announces partnership with Sensoneo to drive smart waste management

Posted on: November 25, 2021

Riyadh, Saudi Arabia. 24 November 2021 – stc, the ICT specialist driving digital transformation in the Middle East and North Africa, has announced a partnership with Sensoneo to provide customers in Saudi Arabia with the most reliable and easy-to-deploy smart waste management technology. Sensoneo is a provider of enterprise-grade smart waste management solutions.

Read more