The Importance of Driving IoT Security Standards

A version of this article appeared in S&P Global Market Intelligence in October 2017. You can find the original here

In recent years, IoT devices have become extremely popular for consumers and corporate clients alike. This May, the Echo home assistant sold more than 10 million units, establishing Amazon as the market leader with their Echo Dot and full-sized home assistant. Google also joined the game, selling their Google Assistant device and partnering with Walmart to increase their retail and distribution efforts.

However, the emergence of IoT devices goes far beyond home assistants. Essentially, any device that has the ability to connect to the internet is an IoT device, from baby monitors to sensors monitoring traffic on major highways. With more IoT devices connected to networks than there are people on earth, it’s more important than ever to secure those devices. However, many manufacturers are still selling unsecured devices to the public because of the lack of scalable security standards that can be implemented without having to be a security expert. The impact of this could be catastrophic to our network infrastructure, privacy and safety.

Unsecured Devices are Entry Points

It is often cited that the data contained on an IoT device is not important enough to warrant securing. That would be true if that was what bad actors were primarily interested in, but they’re not. They are interested in the network that the device is connected to and how to use that device to disrupt network operations (denial of service attacks) or use it to gain access to other systems on the network. According to a recent Wired article, the same third-party source code can power many devices, even if they’re from different manufacturers. As a result, a security flaw in the source code of one device can expose other devices connected to that network, allowing malicious code to be installed on them.

You should consider an autonomous IoT device to be a user on your network just as much as a human being behind a PC. If a device has access to your network, it potentially has access to everything else that is on your network. As such, you want to make sure that you can identify and manage every device on the network just as you would every human being on the network.

Networked Devices with Safety Concerns

Contemporary networked devices go beyond personal computers and office phone systems because they operate autonomously with little or no human interaction. In 2016, Chevrolet saw data usage increase almost 200% for their internet-connected vehicles. This comes with countless advantages, but the disadvantage is that these networked vehicles are now exposed to the hazards of the Internet. In August of last year, hackers were able to remotely control the steering and brakes of a new Jeep Cherokee (a year after the Cherokee had already been hacked). This is a major concern when it comes to autonomous driving, which is already being offered by over 10 vehicle manufacturers around the world in some capacity, not to mention the personal and corporate data at risk. Unless tighter security regulations are implemented for autonomous and IoT-connected vehicles, hacks like these will only become more serious.

Privacy Concerns

Privacy concerns are nothing new when it comes to networked devices. In fact, putting a piece of tape over laptop webcams was recommended by former FBI director James Comey. Cameras are now everywhere, from the front-facing cameras on smartphones to home security systems remotely accessible from anywhere in the world. If these devices are compromised, those with access would be able to obtain audio and video information from these devices.

Hacks are also a growing concern for home and business owners who employ smart locks. A recent study found that 75% of Bluetooth-enabled smart locks can be hacked, providing entry into homes and other secure areas (or preventing the right people from gaining access). Smart homes and offices are the way of the future, but with security concerns this serious, they won’t be widely adopted until regulations have addressed these challenges.

As IoT devices become more ubiquitous, security standards and regulations are more important than ever since security and interoperability are inter-related. Manufacturers are working towards standards that raise the bar on security and access control, but users will also have a role to play. It’s up to device manufacturers and application developers to implement security standards. However, it is the consumers, operators, integrators and enterprise businesses that provide the market pull for those standards to help drive adoption.

Interested in learning more about IoT device security? Don’t forget to read my latest posts here. If you have any questions about IoT security, digital certificates or launching a connected IoT product, contact us today to find out how we can provide secure connectivity for your products.

About KYRIO

For manufacturers and service providers, Kyrio accelerates and deploys new network innovations into the ecosystem. Backed by the power of CableLabs, Kyrio sets technology on a path to commercialization, enabling not just today but tomorrow’s communication.