Having set up petcams in my home to remotely monitor my new puppy’s behaviours with my 4G smart device when I am out, I was reminded about Shodan, the search engine that looks for IoT devices such as webcams and makes their streams available for viewing by anyone on the internet.
Shodan collects data mostly on web servers (HTTP) as well as FTP, SSH, Telnet, SNMP, SIP, and Real Time Streaming Protocol (RTSP). The latter can be used to access webcams and their video stream, says Rod Jones vice president Product Marketing at AdaptiveMobile.
Now fortunately I am not the type to go with default passwords so am pretty sure no one hacked into my PTZ cameras and peered around my house uninvited. But the point remains that today, most of the consumer devices that sit on the Internet under the IoT, M2M or Embedded Device umbrella are not designed to defend against the sophisticated hacks or threats that may attempt to compromise them. See Kapersky’s comments entitled Internet of Crappy Things.
While Shodan is possibly a dangerous tool, it is a good example of what could happen when devices with weak security are allowed to permeate and pervade our lives. So what of the bigger promises of IoT, is it really the next technology trend that could change the world?
Forbes have collected the latest IoT forecasted and predictions from Forrester, Machina Research, WEF, Gartner and IDC:
Gartner predicted spending on IoT services will reach of $235 billion in 2016, up 22% from 2015.
IDC predicted that by 2018, 66% of networks will have an IoT security breach.
Will security concerns slow IoT adoption? Will IoT security become a significant component of security budgets?
With IoT applications spanning smart cities, intelligent buildings, agriculture, environment, utilities, medical, automotive and more, there is clearly a need to design security in from the start.
The overall security problem stems from the fact that these IoT devices:
- May tend to go unchecked by humans for long periods of time
- Are often designed for a long life but with limited upgrade potential
- May be non-mobile and so difficult to access, service or repair
- Are often less technically sophisticated than other smart devices so have less scope to build in security
So, with threats ranging from door and car hacking, through medical data being intercepted, right up to national security, and many if not most devices currently not designed from the outset to be secure from sophisticated threats, perhaps reducing the reliance on the devices own security and pursuing a network based approach is the way to go.
This too will overcome some of the immediate issues of IoT device security standardisation currently emerging, such as Underwriters Labs refusing to freely share their new IoT cybersecurity standard.
Whilst IoT device security remains a difficult nut to crack, Operators able to secure embedded devices directly on their networks today will undoubtedly be able to attract a large portion of the 50 Billion IoT devices that Cisco predict will connect by 2020… maybe by then IoT device level security will be less of a threat to us all.
The author of this blog is Rod Jones vice president Product Marketing at AdaptiveMobile
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow