I’d like to pose a question: What do you think the security implications of connecting various popular IoT consumer electronic devices are?
A) No harder than it was for other new devices like laptops, wireless connections and smartphones, or
B) No easier than it was for previous new devices.
The answer is both and a little bit more.
Securing IoT devices requires thinking about exactly the same things we have had to before: authentication to them and amongst each other; authorization of the transmission of data; encryption of sensitive data at rest and in transit; privacy and confidentiality with regard to security standards; securing device interfaces for storing and manipulating data; and the obvious yet mundane aspects of maintaining updates and monitoring the physical security of the IoT devices themselves.
What’s likely to make all of this work harder is the explosion of IoT devices and the almost frenzied anticipation that people have for them. The result is that manufacturers are going to be pushed to release products as soon as they can. Historically, this has meant that important security issues haven’t been properly planned for or tested.
Keep in mind a simple fact that some device manufacturers are already having to deal with. If the IoT device is connected to the Internet, it has an IP address. If it has an IP address, it can be reached by anything and anyone else on the Internet. Ask the video camera and video recorder manufacturers that were involved in the recent massive Dyn DNS DDoS attack that brought a number of sites on the Internet to their knees.
In short, the security implications of IoT devices are the same as those of virtually any other type of connected device (your desktop, a laptop, your smartphone, etc.), but they are likely to be greater because the sheer number of these devices will be enormous.
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.