Smart spies and how to secure the IoT future

Richard Parris, CEO, Intercede

Both Cisco and Ericsson forecast there will be approximately 50 billion connected devices in operation globally by 2020. Whatever the exact figure, we can predict one certainty: IoT will play an increasingly dominant role in our lives, redefining them as we know it.

What we cannot guarantee, though, is that this IoT ecosystem will be safe, secure, reliable and robust.

In recent years we have witnessed the damage wrought by IoT security breaches, including the world’s largest botnet hack on Dyn last year. Many smart devices are inherently insecure, with operating systems and networks which facilitate the connections also at risk from infiltration and manipulation, says Richard Parris, CEO, Intercede.

The IoT is slowly entering fields like healthcare and energy, and if we consider the damage lax security can cause at present, just think how severe this could be in more critical environments. If security is not addressed by all parties now, the rosy vision of a connected world of the future will never be a reality.

A spy in your living room?

It was over a year ago when we discovered that users of IoT search engine Shodan were able to browse and access insecure webcams. These users could then watch and relay the images recorded on these devices, which included everything from footage of schools and shops to a sleeping baby.

Hackers set their sights on a much larger target last November, when reports emerged of Mirai malware – which utilises insecure smart devices – being used in an attempt to bring down the entire internet infrastructure of Liberia. Fast forward to 2017 and we hear the news that the UK’s MI5 has allegedly colluded with the CIA to help create malware for infiltrating Samsung smart TVs.

Establishing digital trust

IoT technology may be progressive, but the security aspect of this ecosystem is trailing far behind. Until now, there has been little effort to create relationships between those involved in the IoT landscape, yet this will be crucial in order to ensure a security and impenetrability. Consumers are already benefitting from smart gadgets, and as the IoT moves into fields like healthcare and transport, building a chain of trust will be of more pressing concern.

The number of parties involved in the IoT chain for any smart device means that one weak link can jeopardise its security. Therefore, digital trust must be established at every touch-point in the vast web that facilitates and powers devices. The Trust Continuum proof-of-concept has created a foundation for this end-to-end model, which now needs to be replicated on a global scale.

Establishing digital trust across the entire IoT chain necessitates close collaboration on every level. This begins at the inception of every smart device, and requires trust and key management infrastructure to be built into the very hardware – the silicon chips – at the design stage, making them ‘trust-ready’.

These security features can then be activated and further relationships established between the ‘trust-enabled’ device and subsequent elements in the lifecycle of the device. From the software programming, apps, connections, services, and data centres; to the people, businesses, hardware, and virtualised infrastructure: all must work together to deploy and manage trusted services, improve the end-user experience, and ensure that the IoT is safe and profitable.

More must also be done to make it easier for developers to integrate security into their products and allow updates in real time to ensure the delivery of secure services across any number of platforms.

It is vital that a smart anything is running authentic software, for example, so that mutual trust can be created between the device and server, and from there the services it accesses via the server. This trust must then be continued; between the multiple cryptographic touch-points between IoT node and the cloud.

It is only when all entities and all relationships in the chain are managed in this way that hackers can be prevented from invading the ecosystem and compromising the digital exchange.

A working group to champion this idea has been a positive start. And tech companies have begun to come together to address the lack of cyber security standard around the IoT.

But what’s needed now is for everyone to get involved and to progress the necessary products, services, technologies, policies and standards to ensure digital trust across the board. We can only imagine the opportunities a connected world could deliver, but this will only be realised if all parties act now to establish a solid chain of digital trust.

The author of this blog is Richard Parris, CEO, Intercede

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Guardara uncovers key zero day vulnerability in IoT message broker software

Posted on: September 24, 2021

Developer-focused code security specialist Guardara announces it has uncovered a Zero Day Vulnerability in open source software from EMQ, the provider of open source software for IoT devices. The vulnerability, which was uncovered by a non-security expert using Guardara’s powerful testing tool, could have significant implications for connected IoT devices depending on NanoMQ.

Read more

HCL Technologies selects RISE with SAP, deepens strategic partnership with SAP

Posted on: September 24, 2021

HCL Technologies has selected RISE with SAP offering to further modernise its enterprise digital landscape. Additionally, as an SAP strategic partner, HCL will be using this experience to help its clients leverage their combined experience in the industry cloud transformation space.

Read more