Why are IoT devices insecure?
There is an old saying:
If it can connect to the internet, it can be hacked!
And IoT represents the Internet of Things. Connected to the internet things.
But what specifically makes IoT devices more vulnerable than say a laptop or your smartphone? Let us begin.
A brief History of IoT
Although IoT started gaining major traction around 2010, it actually dates back to 1999 in the MIT Auto-ID Center founded by Kevin Ashton.
At that time Kevin was focused on supply chain optimization and was trying to get the attention of Procter & Gamble executives regarding an exciting new technology called RFID.
However, the term IoT would fall into obscurity until the 2010s when google started storing data about people’s Wi-Fi networks while they were taking street view pictures.
People thought with this move, Google was trying to index the physical world in addition to the internet.
The discussion around IoT reached mass awareness when in 2014, Google purchased Nest for $3.2b. In the same year, CES (Consumer Electronics Show) Las Vegas was held with IoT as the central theme.
IoT was finally on the rise and with great fanfare too.
But, as with anything that becomes popular, it attracts both good and bad attention.
Now that you understand the context around IoT, let’s go deep into why
What makes these devices Insecure?
So what makes IoT devices so insecure? Let’s start with the problem of IoT security standardization.
A Lack of Standardization
When it comes to hardware cybersecurity, one of the most effective methods to make devices safe is the creation of hardware standards amongst the various manufacturers and developers.
These security standards include various security benefits like:
- Storage Security – which can allow IoT devices to store data securely
- Key management – which allows device manufacturers to know if the electrical components are genuine or compromised
- Root of Trust – which makes sure devices can only execute programs that have been verified by the manufacturer
This all sounds great. All this standardization could help prevent most IoT device vulnerabilities right? No
The problem is there are millions of different IoT devices, each running a different OS version with different hardware combinations underneath.
The result is standardization, at this point is pretty much impossible.
Difficult to Administer
Many IoT device vulnerabilities are simply caused by either misconfiguration or old software running on the machine (called firmware).
The issue with this is the average end user will find it extremely difficult to be able to fix the above issues.
Think about it like this, how of you reading this post have ever changed the software on your router, for example?
How about upgrading the firmware on your router?
In fact, how many of you even knew what firmware was before you clicked on this article?
These questions are not being asked to shame or mock you. The average person should NOT have to worry about these things, however, they are a primary source of vulnerabilities.
Couple this with the fact that most IoT devices in the home lack screens or any moving parts.
This makes it almost impossible to assess the state of your device until it is too late.
IoT devices for the most part lack power. Many of these devices are constrained by physical size, processing power, storage, etc.
This is a big issue because the standard method for defending against threats, i.e. anti-viruses, needs a lot of power to function effectively.
A lack of power also leaves these devices vulnerable to various types of Denial of Service (DoS) attacks, i.e. making so many computing requests to the device that it can’t function properly.
To recap, we covered a brief history of IoT and we also went deep into the question of why IoT devices are so insecure. This ranged from the immense difficulty of standardization to the power constraints of IoT devices.
However, an important question remains, will we ever be safe?
Will we ever be Safe?
This depends, for us to overcome the issues regarding IoT security, we must start from the ground up!
We cannot apply the methods used in traditional computing security to IoT devices because doing so will always end in failure. There need to be new rules and paradigms built specifically for IoT devices and these rules need to be people-centric, not business-centric.
The people are the ones that suffer when a breach happens or when their device is rendered inoperable by a hacker. The people need a way to protect themselves without having to rely on hardware manufacturers.
Thanks for reading this far, make sure to share this article as the more people read it, the more awareness is raised about IoT vulnerabilities.
Here are some articles that we have compiled to help you in your smart home cybersecurity journey. These articles give you knowledge that is often hidden from the average consumer, so it’s a great idea to give them a read.
If you liked this post, you should join the Simius mailing list. We give you the latest information about smart homes, home network security and other great stuff you will want to know about while embarking on your home automation adventure.