The S in IoT stands for Security

Security in IoT has to be taken more seriously and not just as an afterthought once the device is compromised.  Why are there so many devices out there that are just wide open to the most basic hacks? Many have default passwords and don’t even use encryption. Whose responsibility is it to fix it and ensure in the future these devices are safe to have in our lives & houses and start the slow process of rebuilding consumer trust.

With the recent negative headlines regarding IoT devices being hacked and used as a mass weapon on other parts of the Internet, surely this is going to start effecting customer decisions on what products they buy? Who can they trust? Can they trust for example Philips smart light bulbs or Nest smart thermostat? Both companies have had recent issues regarding products being compromised

Is it not about time for the IoT industry to start to regulate or impose increased security on devices? Consumers want cheap devices and manufacturers are meeting this demand by producing low-end devices to ensure they can meet the price point, which usually means there is little investment in security within the device.  The recent DDOS attacks were caused by the Mirai malware, which tries a combination of 60 different usernames/passwords to gain access to a device. The result was the Dyn DNS services were hit by 10s of millions of IP addresses trying to flood its servers. Chinese manufacturer ‘Hangzhou Xiongmai Technology’, produces DVRs and internet-connected cameras, it has admitted it may have inadvertently played a big part in the recent attack due to the fact all its devices had weak passwords.  They have now started the task of trying to patch each of its products. Find out More

Who is going to start the slow process of rebuilding consumer trust in IoT devices? The only real answer has to be increased regulation but there is a current myriad of competing standards all fighting for top spot.  Whilst the industry waits for the governments and IoT consortiums to start the regulation process it has to be up to the IoT providers to ensure the quality and security of their products. They must ensure that products pass through a vigorous QA process and be verified against the latest security standards. There must also be consideration for ongoing maintenance of the products ensuring they are regularly updated depending on their criticality. IoT devices have to be developed with the same level of support as for example your laptop, just as the online threats are ever changing, then Microsoft are forever patching and blocking these threats. Based on risk levels then IoT devices should have ongoing support and maintenance to ensure they remain secure against the latest security holes.

Test and Verification Solutions (T&VS) IoT lab and certification process helps enable companies to ensure their products conform against the latest industry standards and QA & security testing best practices.

For more information see here