Who’s afraid of the IoT?

Flickering light bulbs, scary Barbie dolls that spy on you, infected computer networks and cities out of action. This could be the brave new world of the Internet of Things, if we neglect security, warns Ian Kilpatrick, executive vice-president of cyber-security for Nuvias Group

The IoT is here and it isn’t secure. And it won’t be secure until IoT device manufacturers make it secure, which will be many years in the future.

In the meantime, the IoT is in our homes and in the workplace. Its uses range widely, from domestic time-savers like switching on the heating, to surveillance systems, to ‘intelligent’ light bulbs.

This proliferation of devices and objects collect and share huge amounts of data. However, proliferation also has the potential to create greater opportunities for vulnerabilities. Moreover, because these devices are connected to one another, if one device is compromised, a hacker has the potential opportunity to connect to multiple other devices on the network.

Indeed, there have been a number of high-profile cases where everyday items have been used to force websites off-line. Recently, hackers harnessed the weak security of internet-connected devices, like digital video recorders (DVR) and cameras, using botnets implanted in the devices to take down sites such as Amazon, Netflix, Twitter, Spotify, Airbnb and PayPal.

Elsewhere, researchers said they had developed a worm that could potentially travel through ‘smart’ connected light bulbs city-wide, causing the web-connected bulbs to flicker on and off.

These are just a few examples of the security failures in devices for the IoT. Unfortunately, they are not the exception. Manufacturers are rushing to make their devices internet-connected but, in many cases, with no thought (or indeed knowledge) around security.

The next step on IoT’s journey is connected or smart cities, where the consequences of an attack are enormous. It’s not just one light bulb – a hacker can potentially plunge an entire city into darkness, or disable surveillance systems, causing chaos.

There’s no turning back the tide of any of these IoT applications – and in fact we shouldn’t try to halt progress. However, checking the security capabilities before deployment isn’t a bad strategy. Especially as it is important to ensure that the advance of IoT isn’t providing hackers and criminals with another entry point for attack.

It’s down to organisations to make sure IoT devices are protected and user education should be a key element in defence.