IoT is all about sharing data and is getting a lot of attention lately from every consumer electronics manufacturer, but it is also being scrutinized for security concerns. In order for IoT to succeed as a widely adopted standard, it must comply with 3 different market barriers: price, compatibility and security. Since price and compatibility are decisions generally made by market demands and companies behind the technology, I want to deal primarily with security because the Internet of Things will only become a THING once it’s secure.
IoT devices gather personal data from a vast array of sensors that require strong privacy and security. Therefore, IoT devices must be built with security in mind from the start. Unlike price and compatibility, security is not typically something that can be touted as a feature so a unified standard is required and must be carried through to all devices from all makers to avoid fragmentation and weak security. Let me take a moment to step back from the IoT future to learn from the present. This past week’s Apple vs FBI story is shaping up to be one of the year’s, if not decade’s, biggest security stories precisely because law enforcement is looking to compel Apple to break their own unified security standards. What began as a security issue is now quickly becoming a legal issue but Apple seems resolute on keeping it a security issue. Apple and security experts know that encryption must remain strong providing backdoors to absolutely no one. This same principle holds true in IoT security. If a master key to unlock encryption is ever made for any reason, every IoT device and users’ private data could easily go public.
But IoT security discussions are by no means limited to smartphones. A recent vulnerability discovered and beginning to cause widespread concern involves non-Bluetooth wireless keyboards and mice that put user data at risk. Bastille Networks identified seven manufacturers vulnerable to “Mousejack” attacks. These wireless attacks can be accomplished within 300 feet from the target device and allow malware to be installed to ensure future attacks. The Radio Frequency (RF) link would provide anonymity for hackers since they do not have to physically access the target device. Imagine a hacker waiting in a car a few hundred feet outside of your office performing a “Mousejack” and you quickly realize how powerful a remote device hack like this can be.
With estimates of well over one billion vulnerable devices, “Mousejack” is just a sneak peak of what is to come as wireless IoT technology is developed and sold without careful consideration of potential security flaws. So until the IoT industry self regulates its own security, solutions like Bitdefender BOX will prove valuable to anyone feeling vulnerable to malware, viruses and spying. These devices are usually a combination of hardware and software subscription services that connect directly to your router that inspect all incoming packets 24-7. They work invisibly in the background of any network but can be accessed and configured through a smartphone app.
No solution is 100% secure and network bullet-proofing is a fantasy but IoT will never reach widespread use unless users feel secure enough to share their most private data with every device in the chain. Hackers will always continue searching for weak links in that chain so it is somewhat reassuring to see the market respond to security needs until the Internet of things fully embraces security.