IoT – Internet of Things. No doubt you have seen this rather undefined acronym somewhere on your news feed recently, but what exactly is it? Well, IoT is SMART. Smart meters, smart vehicles, smart homes, smart clothes, smart industry, smart everything. All connected to the internet.
In short, all devices in the future will be able to talk to other devices through the Internet, a truly connected world. Internet of Things has evolved due to a convergence of multiple technologies, including ubiquitous wireless communication, real-time analytics, machine learning, commodity sensors, and embedded systems. It is a concept that will power a new era of industry and is transforming our lives in powerful ways, including our habits, behaviours, and even the way we do business.
There are currently more than 12 billion connected devices (smart ‘things’) in the world. With 75 billion expected by 2025 and well over 100 billion by 2030, an estimated global market reaching tens of trillions of dollars. With this in mind, one would think that security is the foremost topic of conversation whilst developing these ‘smart’ technologies. However, since the concept is relatively new and the nature of the market forces designers to get their products on sale quickly, security shortcuts in the design phase of these products are being taken.
The OWASP Foundation has detailed the use of Insecure Default Settings, Lack of Physical Hardening and Use of Insecure and Outdated Components within its top ten IoT vulnerabilities for the past several years. Issues with which end users and busy individuals have neither the time or know-how to resolve.
Another of the main challenges facing device manufacturers and security professionals today is the frustrating lack of industry standards; many IoT security frameworks exist, but there is no single industry-accepted standard to date. And even though adopting one of these frameworks can help, the lack of industry accreditation negates proper oversight. These are issues that can be mitigated with proper industry guidelines and manufacturer awareness.
This doesn’t give room for complacency. Since the dawn of automated industry, we have seen sophisticated cyber weapons invading target systems. In the future we are surely going to see further attacks of increasing complexity.
We must learn to see security as a shared issue between industries, now more than ever. The reality is that the Internet of Things allows for virtually endless opportunities and connections to take place, many of which we can’t even think of or fully understand the impact.
Over the course of these weekly posts I hope to be able to guide you through this new era of intelligent technology and show the methods with which hackers will attempt to exploit your device ecosystem.