The growth in the Internet of Things (IoT) has already been flagged as a major security concern with white good manufacturers rushing to come up with a cool solution rather than something that connects to the web securely.
The security industry is starting to get more serious and more formal in its response to the IoT security threat and the Online Trust Alliance (OTA) has made its thoughts on the risks known.
The Alliance members include the likes of AVG, Microsoft, Symantec and TRUSTe and set up a IoT working group at the start of the year, which has already called for security, privacy and sustainability to be key considerations for those developing IoT apps.
“The rapid growth of the Internet of Things has accelerated the release of connected products, yet important capability gaps in privacy and security design remain as these devices become more and more a part of everyday life,” said Craig Spiezle, executive director and president of OTA.
“For example, when someone sells a houseicon1.png with a smart thermostat or garage door, how does the new owner ensure former users can no longer access these devices? How do manufacturers protect against intrusions into smart TVs and theft of data collected from device cameras and microphones? What is the collective impact on the smart grid or our first responders should large numbers of these devices be compromised at once?” he asked.
At a recent MicroScope security roundtable worries were expressed about the growth in IoT devices that could potentially be open to exploitation by hackers with the assembled vendors worried that smart cars and homes could act as backdoors for those looking to carry out a cyber attack.
The response to the OTA warnings have also fired up others in the industry with Darin Welfare, vice president EMEA at WinMagic, pointing out that the conclusion that a lot of IoT security is flawed should come as little surprise to anyone in the industry.
“Recent breaches such as that witnessed with the Jeep hack are a prime example of the current limitations presented by connected devices. These vulnerabilities will be of particular concern for businesses in the coming years as more and more devices are connected to the corporate network, presenting hackers with additional attack vectors to target organisations. In addition to being hugely inconvenient for the individual, a hack targeting devices connected to a company network could have catastrophic consequences,” he said.
“IoT is still in its relative infancy and historically speaking, all new connected devices are initially weak in relation to security and are testing functionality, information and vulnerability limits. To better secure these devices, device manufacturers can also look at encryption at the hardware level, which will ensure that any data mined from the device is unusable,” he added.