The S in IoT stands for Security

Security in IoT has to be taken more seriously and not just as an afterthought once the device is compromised.  Why are there so many devices out there that are just wide open to the most basic hacks? Many have default passwords and don’t even use encryption. Whose responsibility is it to fix it and ensure in the future these devices are safe to have in our lives & houses and start the slow process of rebuilding consumer trust.

With the recent negative headlines regarding IoT devices being hacked and used as a mass weapon on other parts of the Internet, surely this is going to start effecting customer decisions on what products they buy? Who can they trust? Can they trust for example Philips smart light bulbs or Nest smart thermostat? Both companies have had recent issues regarding products being compromised

Is it not about time for the IoT industry to start to regulate or impose increased security on devices? Consumers want cheap devices and manufacturers are meeting this demand by producing low-end devices to ensure they can meet the price point, which usually means there is little investment in security within the device.  The recent DDOS attacks were caused by the Mirai malware, which tries a combination of 60 different usernames/passwords to gain access to a device. The result was the Dyn DNS services were hit by 10s of millions of IP addresses trying to flood its servers. Chinese manufacturer ‘Hangzhou Xiongmai Technology’, produces DVRs and internet-connected cameras, it has admitted it may have inadvertently played a big part in the recent attack due to the fact all its devices had weak passwords.  They have now started the task of trying to patch each of its products. Find out More

Who is going to start the slow process of rebuilding consumer trust in IoT devices? The only real answer has to be increased regulation but there is a current myriad of competing standards all fighting for top spot.  Whilst the industry waits for the governments and IoT consortiums to start the regulation process it has to be up to the IoT providers to ensure the quality and security of their products. They must ensure that products pass through a vigorous QA process and be verified against the latest security standards. There must also be consideration for ongoing maintenance of the products ensuring they are regularly updated depending on their criticality. IoT devices have to be developed with the same level of support as for example your laptop, just as the online threats are ever changing, then Microsoft are forever patching and blocking these threats. Based on risk levels then IoT devices should have ongoing support and maintenance to ensure they remain secure against the latest security holes.

Test and Verification Solutions (T&VS) IoT lab and certification process helps enable companies to ensure their products conform against the latest industry standards and QA & security testing best practices.

For more information see here

2017-05-11T06:37:38+00:00 22nd November, 2016|IoT|
T&VS NEWSLETTER SIGN-UP
The T&VS newsletters inform you about industry news, events and information from T&VS. No spam, we promise and it is always easy to unsubscribe.
We never share your information. Read our Privacy Statement
Interested in Formal Verification?
Then why not attend the TVS Formal
Verification Bootcamp training?
The 2-day Formal Verification Bootcamp is for design and verification engineers looking to enhance their knowledge of formal verification and to learn how to write effective assertions to find and fix bugs. The course is a mix of presentations and hands-on development exercises.
Bootcamp Enquiry Form
If you are interested in receiving additional information on the course then simply email Mike Bartley (TVS CEO and Course Leader) by entering your details below.
Interested in SystemC?
FREE SystemC UVM Library Now Available
The TVS SystemC UVM library closely mimics UVM but gives users a license free UVM-based verification environment.
Have your product requirements been successfully tested and implemented?
Find out how asureSIGN can help you implement a successful Requirements Driven Verification and Test Strategy by visiting asureSIGN or enter your details and we will be in touch.
Course Dates and Pricing
To receive additional information, including course dates and pricing, please contact our training team who will be happy to help.
Download Request
Please complete the following form then click 'submit' to access the download.
Presentation Request
Please complete the following form then click 'submit' to gain access to the presentations.
DOWNLOAD REQUEST
Please complete the following form and then click 'submit' to gain access to the download.
FREE QA ASSESSMENTS
Did you get what you were looking?

Let the testing experts help. We will run a FREE QA assessment which will include our top 5 recommendations to help maximise your testing.