Is IoT Really the New Wild West?

This weekend has seen many new headlines in the mainstream press regarding the recent botnet attack creating more fear and lack of consumer trust in IoT devices, headlines such as:

  • “Do you want your shower to help Russian hackers? “
  • “IoT-enabled botnet launches record 1.5Tbps DDoS attack!”

Just why are IoT devices so vulnerable and who is going to help fix the issues or is IoT really the new wild west.

Hijacking Internet Connected Devices

The botnet attack occurred as hackers were able to hijack a vast number of internet connected devices (such as IoT wifi routers / home cameras) which they then used to throw vast amounts of junk traffic at DNS services operated by US company Dyn. With the DNS service being down, hundreds of very popular websites were inaccessible including: Netflix, Twitter, GitHub, AirBnB etc.

Why were IoT devices used in such an attack?

The reason is simple, most of the devices have very limited security measures which meant the hackers could easily place their malware on to the devices. In a recent survey by HP it found that over 70 percent of the IoT devices and sensors examined were susceptible to one or more of the vulnerabilities in the OWASP Internet of Things Top 10. Over the last few years there has been many examples of security flaws in IoT devices such as the very public example of Osram Lightify smart bulbs that security experts found could enable hackers to breach home Wi-Fi networks. Nine flaws in the Home and Pro versions of Osram Lightify could let attackers gain access to home Wi-Fi network and activate the lights. Connected devices create an increased level of intrusion in our lives, generating new types and unprecedented quantities of data, raising further the importance of quality and security in such products.

Who is at Fault for IoT Security Vulnerabilities?

Consumer trust in IoT is already low but who is going to start to address the issues. Is it the responsibility of the consumer who owns the device to ensure it has the latest security patches? Is it the networks that allow the attacks to occur and could block the traffic? Is it the manufacturers who produce the products, should they be made to maintain updates for a period?

The problem with IoT is that consumers won’t fix it as they demand cheap products and manufactures are meeting this request with creating simple products, sometimes on a shoe-string. The only real answer has to be increased regulation but there is a current myriad of competing standards all fighting for top spot. Whilst the industry waits for the governments and IoT consortiums to start the regulation process it has to be up to the IoT providers to ensure the quality and security of their products.

The Solution

They must ensure that products pass through a vigorous QA process and be verified against the latest security standards. There must also be consideration for ongoing maintenance of the products ensuring they are regularly updated depending on their criticality. Unless these issues are addressed the only winners in the IoT wild west will be the hackers.

The T&VS IoT lab and certification process helps companies to ensure their products conform to the latest industry standards and QA and security testing best practices.

For more information see: T&VS IoT lab and certification

Find out more at the 52nd Test Management Forum

Mike Bartley Founder & CEO, TVS

Mike Bartley
Founder & CEO, T&VS

Mike Bartley, CEO and Founder of T&VS will expand on this discussion at the 52nd Test Management Forum taking place in London on Wednesday 26 October 2016.   Join us there.

Update: Presentation Slides Now Available

Abstract of talk:

The Internet of Things (IoT aka M2M) refers to an expanding network of interconnected internet-enabled devices. In the future everything will be connected, the current thinking is that only 2% of items in the world are connected and there is still 98% to go!  Estimates suggest that by 2020 there will be in the region of 50bn IoT devices – all talking with one another on a constant basis.

If you are a manufacturer, solution builder, or service provider, then how will you ensure that your solution works, will it stay connected to the different access points? IoT is going to drive the importance of interoperability between different markets/sectors and technologies. Customers today vote with their feet and are not loyal with poor performing products. How will you test your product with varying network conditions? How will your device work in the wild?

In this talk we will discuss what is required by a “IoT device testing lab” – e.g. conformance to all the standard protocols, connection with the standard network providers, some basic security testing?

We will also discuss whether we should consider an “IoT Kitemark” to provide some level of assurance?

2017-05-17T10:28:40+00:00 25th October, 2016|IoT, Security, Thought Leadership|
T&VS NEWSLETTER SIGN-UP
The T&VS newsletters inform you about industry news, events and information from T&VS. No spam, we promise and it is always easy to unsubscribe.
We never share your information. Read our Privacy Statement
Interested in Formal Verification?
Then why not attend the TVS Formal
Verification Bootcamp training?
The 2-day Formal Verification Bootcamp is for design and verification engineers looking to enhance their knowledge of formal verification and to learn how to write effective assertions to find and fix bugs. The course is a mix of presentations and hands-on development exercises.
Bootcamp Enquiry Form
If you are interested in receiving additional information on the course then simply email Mike Bartley (TVS CEO and Course Leader) by entering your details below.
Interested in SystemC?
FREE SystemC UVM Library Now Available
The TVS SystemC UVM library closely mimics UVM but gives users a license free UVM-based verification environment.
Have your product requirements been successfully tested and implemented?
Find out how asureSIGN can help you implement a successful Requirements Driven Verification and Test Strategy by visiting asureSIGN or enter your details and we will be in touch.
Course Dates and Pricing
To receive additional information, including course dates and pricing, please contact our training team who will be happy to help.
Download Request
Please complete the following form then click 'submit' to access the download.
Presentation Request
Please complete the following form then click 'submit' to gain access to the presentations.
DOWNLOAD REQUEST
Please complete the following form and then click 'submit' to gain access to the download.
FREE QA ASSESSMENTS
Did you get what you were looking?

Let the testing experts help. We will run a FREE QA assessment which will include our top 5 recommendations to help maximise your testing.