Why it will take a horrifying breach to finally address IoT security weaknesses

Pat Clawson, CEO at Blancco Technology Group

If you look at figures from Accenture, I can see why so many people are enamoured by the possibilities and benefits of the Internet of Things (IoT) – 13% of homes already have one or more IoT devices and 69% will have an IoT device by 2019.

No one, certainly not me, said Pat Clawson of Blancco Technology Group, is denying there are inherent benefits of being able to control temperature, lighting and home security settings from a smart device. But all of this hype, excitement and hoopla around IoT has been somewhat shortsighted.

In the rush to be the ‘first to market,’ we’re seeing auto manufacturers pushing hard to integrate IoT into their latest vehicle models. While I was in Barcelona last month for Mobile World Congress, I saw elaborate displays and heard top executives from Ericsson, Fujitsu, Ford, Mercedes and Porsche talking about their latest connected products and initiatives.

But in all of these conversations and displays, there was little to nothing mentioned about how all of the data being connected to those products would be secured and protected. While this was disappointing, I cannot say I was all that surprised.

In one particular panel session at MWC titled “Securing the IoT,” I heard security experts from Intel, Philips Lighting, Telenor Connection and Sophos say not once, not twice, but almost a dozen times, “there’s no magic bullet when it comes to IoT.”

And many of the session’s panelists seemed preoccupied with IoT users’ exposure to software vulnerabilities and poor security practices such as the use of default or weak passwords. They aren’t alone in these concerns. Last September, the FBI issued a massive warning citing, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness.”

blancco2But when I see these kinds of warnings or hear experts talk about IoT, I keep wondering to myself: Those are valid security concerns, but what happens to the data when people move out of their connected homes, or sell their connected cars, return their connected rental cars and resell their smart alarm systems and thermostats to make some extra money? What types of safeguards can those products and their manufacturers provide to guarantee data privacy for users? What types of data removal methods are secure and reliable?

As easy as it is to say ‘there’s no magic IoT bullet,’ failing to go past that is a disservice to users. Steps need to be taken to shore up the many security gaps and weaknesses that exist in IoT – not just in terms of malicious attacks, but also in the very real and common scenarios of erasing the data when it’s time to discard or resell those smart products. And I know I’m not alone.

Each year around 11% of the UK population moves to new homes and with more and more people renting flats well into their 30s, that figure is only likely to increase. And the increasing popularity of sharing economy sites like AirBnB and HomeAway means many properties have a rapid turnaround of temporary residents. So we need to be building data removal capabilities into these products and services with the expectation that they’ll have multiple owners.

The devices themselves are often set up to routinely access and store data. They even proactively encourage us to connect them to everything from our mobile phone to our Facebook account, delivering a seamless user experience. For as long as a person lives in their home, there is a valid reason for such technologies to have these access rights.

But the moment a person vacates their home, these connected systems simply become an unnecessary data store that we no longer control. At this point, it’s imperative that we provide users with a simple means of ensuring all personal data is verifiably removed.

In the short term, it could become a real point of differentiation for IoT manufacturers wanting to reassure customers that they have built in the necessary data privacy controls. In the long term, I can only hope it becomes a condition of entry to the more established IoT platforms.blancco3

Most manufacturers have so far focused their efforts almost exclusively on ease of use and the customer experience. But users’ privacy needs to be given equal precedence. It’s much easier to build devices with such protections in mind than to try to retroactively enhance security protocols at a later stage.

I worry that the only way this will finally change is when a massive and horrifying breach occurs as a result of failing to remove data from an IoT product. If we keep going at the current pace, it could happen quite soon. Why does it feel like not enough companies and people are worried about this?

Making this a reality is perfectly achievable. But it requires a few things to happen. First, there has to be a true admission from both manufacturers and security experts that failing to remove data from smart/connected ‘things’ poses a very real and serious security risk to individuals. Second, it requires changes to the way products have traditionally been developed, launched and even marketed.

Going forward, IT and data science teams need to be invited to participate at the earliest stage alongside product developers, UX/UI designers and engineers. Only then will we have the full range of perspectives and skillsets required to boost adoption, protect personal information and improve the customer experience. And even in the marketing stage after a product is officially available for purchase, we need to see data removal and security become part of the messaging and advertising.

The author of this blog is Pat Clawson, CEO at Blancco Technology Group.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Bluetooth Range and Reliability: Myth vs Fact

Posted on: September 21, 2021

As Bluetooth is becoming more and more ubiquitous in smart homes, buildings, and factories, there are many myths about what the wireless technology can and cannot do. In fact, its capabilities go far beyond its use in consumer electronics and enables a wide range of professional solutions in commercial and industrial environments. Here are some of the common myths around Bluetooth – and the lesser-known facts

Read more

OQ Technology reveals patent portfolio in the US and Europe to improve satellite communications

Posted on: September 21, 2021

5G satellite operator OQ Technology has revealed six pending patent applications in the USA and in Europe that will improve satellite-based IoT and M2M communications in remote locations. OQ Technology’s patent applications include a “wake-up” technology for satellite IoT (Internet of things) devices, IoT device localisation, frequency and timing synchronisation, inter-satellite link technology and satellite

Read more