The Current State of IoT Security: How We Got Here and What’s at Risk
March 25, 2020 - 8 minutes readWhat’s in store for the future of the Internet of Things (IoT)? Once reserved for industrial applications and smart security systems, IoT development has become ubiquitous today. For example, you can now walk into numerous retail outlets and purchase a toaster with Wi-Fi connection capability.
But as IoT expands to include almost every type of device imaginable, experts are beginning to question if the technology and market are moving in the right direction. Privacy and safety have become red-hot topics in this industry. Can IoT security improve enough to address these issues?
The Rise of IoT and Privacy Issues
In the 1970s, futurists like Steve Wozniak and Paul Allen envisioned a forthcoming era in which everyone could afford a personal computer. Skeptics were quick to dismiss these predictions, but fast forward to today, and they’d be easily proven wrong. Not only are computers everywhere, but sensors are now attached to everything.
Engineers are inventing new IoT solutions and applications daily. Manufacturing and logistics supply chains still rely on sensors as well as RFID and GPS technology to operate smoothly. But these paradigms have extended into the consumer arena.
Insurance companies now reward policyholders for frequent use of wearable devices. Modern home accouterments like temperature control, lighting, and security can all be managed with the push of a button. And many of us now have our very own personal digital assistant in the form of Alexa or Google Home.
As a result, the IoT industry is set to reach $3.77 trillion by the end of 2020 and doesn’t show any signs of slowing down. This unprecedented level of growth has raised concerns about the potential negative effects of IoT, particularly in regards to privacy and security. After all, IoT’s infrastructure generates a gargantuan amount of data every day.
At this level of adoption, privacy issues become paramount. Lawmakers around the world are racing to implement regulatory frameworks that protect consumer information gathered by IoT products. And terms of service agreements try to alleviate any distrust by spelling out everything an organization plans to do with a user’s data.
But it’s difficult to verify if companies are staying consistent with the policies they’ve set forth for themselves. Besides this, rogue actors, like a disgruntled employee, certainly aren’t playing by these rules. And to make matters worse, is the data even secure on the consumer’s end?
The Hidden Dangers of IoT Devices
Many of the factors we’ve mentioned may seem subtle or sound like something that couldn’t happen to you. To put things in perspective, Japanese policymakers have authorized a mass “cyberattack” to prepare for the 2020 Tokyo Olympic Games. Through this series of hacks, the Ministry of Internal Affairs and Communications hopes to identify unsecured IP addresses and any IoT devices that lack proper security.
Believe it or not, one of the ways they’ll be finding these devices is by trying common passwords like “1234” or “admin” to breach them. Many users don’t switch the default username and password of their devices, and even more people are unaware that they should do this with IoT devices too. Just by knowing the right port number, hackers can easily access the data of these gadgets.
It’s also worth noting that many users are unaware of when an IoT device is transmitting data. Many smart home appliances are forthcoming about the data they collect and send to remote servers. But few consumers actually take the time to read through this relevant information.
Shodan shines a light on just how severe this problem is.
Lots of Risk, Very Little Reward
It’s not uncommon for IoT equipment to make itself visible without users being aware of it. Shodan is a search engine that allows users to find specific types of computers and devices connected to the internet via various filters. In the past, users have found 50,000 different devices sharing keys on a single common port!
The worst part? There’s a good chance that many of these devices weren’t even necessary. Often, consumers purchase and install equipment without configuring or even using it again. Since finding those 50,000 devices, many of them have been cleared out of Shodan’s search results. But the search engine continues to track innumerable devices that are transmitting data, unbeknownst to their users.
A lot of these issues boil down to how the world approached IoT development as a whole. Innovation was the main priority, while security took a backseat. This becomes evident when looking at IoT connectivity devices like the Arduino module or the Alexa Connect Kit. The first example lacks any firewall capabilities. And the latter example, created by a famous Seattle developer and e-commerce giant called Amazon (you may have heard of them), partially relies on a closed-source design that could still be vulnerable to breaches.
With all of these risks, one has to wonder if the reward that consumers get in return is actually worth it. IoT devices are integral in the security and industrial sectors. But how much is there to really gain from a smart toaster or teapot? It’s imperative that people ask themselves these questions. Otherwise, without taking proper precautions, they risk sacrificing their privacy for what could amount to a minute convenience.
This isn’t to say that consumers should abandon IoT devices for their homes. As we mentioned, these gadgets are getting better in performance and capabilities every day. But before we keep improving them in these aspects, we must take care of security.
Some proponents of IoT security think the onus falls on manufacturers and developers to educate the public about the potential dangers of using these devices. Others think that the industry should slow down and let security catch up. Whatever the solution is, it’s clear that both developers and end-users must re-evaluate their priorities. Only then will IoT be able to flourish in a truly safe, productive manner.
Tags: app developers Seattle, cybersecurity, cybersecurity attacks, data cybersecurity, data security, Internet of things app developers Seattle, IoT app developer Seattle, IoT app developers Seattle, iot app development, iot app development seattle, mobile app developer Seattle, mobile app development Seattle, Seattle app developers, Seattle app development, Seattle IoT, Seattle IoT app developer, Seattle IoT app developers, Seattle mobile app developer, seattle mobile app development