Have you ever thought that you put your life and your family in danger every time when you connect your things to the internet? Everyone nowadays knows what is Internet of Things (IoT) and more people look to implement it into their personal environment. Either is your TV, your car or your home heating system, once connected to the Internet it will be a gate for hackers to your private space. How should we prevent possible attacks? How can we reduce the risks? In this article you will find how experts think that Internet of Things Security can be achieved.
Probably the best books about Internet of Things Security
Joshua Corman – Director of the Cyber Statecraft Initiative for the Atlantic Council. Co-founder at @RuggedSoftware and @IamTheCavalry. Eencourage new security approaches in response to increasing dependence on technology. Corman’s unique approach to security in the context of human factors, adversary motivations and social impact has positioned him as one of the most trusted names in security. See in the video below his expert opinion in Internet of Things Security topic:
James Lyne – is global head of security research at the security firm Sophos. He is a self-professed ‘massive geek’ and has technical expertise spanning a variety of the security domains from forensics to offensive security. He is a certified instructor at the SANS institute and often a headline presenter at industry conferences. See James Lyne’s thoughts about Internet of Things Security in the video below:
Paul Dant – Chief Strategist & Managing Principal, Independent Security Evaluators. With over twenty years of focused security research and consulting, Paul Dant has vast knowledge of today’s security landscape that he augments with deep technical understanding. Dant is currently Chief Strategist and Managing Principal at Independent Security Evaluators, where he drives strategic initiatives and oversees a team of world-class hackers. What Paul Dant thinks about Internet of Things Security:
Jeff Aboud – works in Cisco’s “Internet of Things” solutions group, focusing on IoT architecture and the security ramifications of IoT adoption. Quick intervbiew from with Jeff about Internet of Things Security in the video below:
One of the biggest problem with the Internet of Things devices is that manufacturers are very slow in implementing security. This problem exists because of the effort of lowering the final device price. IoT Manufacturers are struggling to make devices as inexpensive as possible in order to be competitive on the market. To achieve that they usually equip hardware with the most basic software, which can’t often be updated.
As the risks are more visible, some of the smart IoT devices are available with a pretty decent standard security implementation by getting periodic firmware updates. While this is a good start, most of the internet-ready devices are very vulnerable when it comes to security, and, they also cannot be integrated in already existing standard security conventions used by the high level companies.
What you need to understand is that, once a device is connected to the internet, it starts exposing available data in a world wide network. For instance, one of the most hijacked IoT devices in the 2016 was Surveillance Video Cameras. They are so vulnerable and easy to hijack, and many of them have also direction control, which can be also taken over by the hackers. Think that hackers can take over control of your baby monitor camera and inspect your house or see where you are hiding value objects. This is just unthinkable, but it’s happening. In fact some say that the biggest companies use our Smart-TV’s cameras to gather personal marketing preferences.
Because A.I. is not yet ready, smarter still means connected in nowadays. While the computers can’t learn by themselves, they need to stay connected to a mainframe and listen. One of the biggest mistake that everyone makes is that for instance,is that, despite we pay allot of money for a house, we choose to search for the cheapest accessories. In software, as in many other domains, the quality comes with the price. There are also cloud companies which have paid services, and can guarantee a security backpack.
In December, 2015, Nathan Frost a construction engineer from Vancouver (Canada) had the worst day of his life. While having a normal working day, he was called by his neighbors which told him that this house is on fire. Nathan is a ingenious engineer, who loves electronics and software programming, but also a real fan of DIY. His house was equipped with automatic centralized heating systems based on methane gas. The central system was connected trough the Internet of Things to a Cloud monitoring and Control system. On 18 December, the free cloud servers where accessed by some russian hackers, who gained access in to the entire IoT network.
One of them, while trying to have fun, turned the temperature from Nathan house at the maximum level. After 4 hours of working at 100%, the conversion gas station from the heating system gave up and the pre-heating mechanism set on fire. In no time, the entire house, and also another house near went on fire. The free cloud service company declared that they were officially attacked by hackers with addresses coming from Russia, and more than 1.500 cloud accounts were taken over control.
Don’t put the price over the quality! When talking about electronics and software, usually cheaper modules offer almost the same functionality as the premium ones.
Don’t put functionality over security ! – It doesn’t matter how good is a piece of hardware or software, and how much is offering. If it cannot respect the most basic security rules, it should not be part of the main component.
Therefore, the first step in every project would be to setup a set of security rules, before start picking the hardware & software.
Hoping that this article inspired you, i kindly invite you share this article, subscribe my YouTube channel and join the communities on social networks. Please feel free to comment or send suggestions / remarks so i can improve the content quality!