Internets of Things (IoT) devices are becoming increasingly commonplace and yet many are widely acknowledged to be insecure.
If that’s the case, why isn’t anything being done about it?
Before you start throwing our your IoT devices it’s worth remembering that they aren’t all insecure. However, many security issues arise during the manufacturing process because the companies that make your IoT devices aren’t security vendors and so end up making fundamental mistakes, such as:
- Passwords are hard coded into device firmware meaning they can’t be changed
- Web consoles used to control IoT devices don’t encrypt data
- Back doors are left open by the manufacturer’s developers when they are creating the software for IoT devices
- Pre-set default passwords are often very easy to detect and crack such as ‘admin’
- It’s not easy to apply updates to IoT devices to patch against vulnerabilities
- Security that does exist is often too complex for average users to manage
If that’s the case why aren’t manufacturers doing anything about it?
Well, there are steps they can take to increase security. These include:
- Enabling automatic device updates
- Designing devices with security in mind
- Providing lifetime support
- Incorporating best security practice
- Giving users the option to disable specific functionality such as peer-to-peer communications
- Incorporating IOT devices into regular security assessments
The reason why they aren’t taking these ostensibly simple steps is that it would mean having to adopt new business models, which would incur additional costs. Most operate on low margins and need to sell lots of devices to be profitable and to adopt the points outlined above would require a lot of investment.
Perhaps the answer is for the government to impose regulations as in other industries. The problem is if a government were to do that it could:
- Drive manufacturers to operate in rival territories
- Create conflict with other nations
- Cause economic conflicts
Above all, it’s seen as an industry issue rather than a government one.
All of this paints a pretty bleak picture, so what can be done?
Change will come down to one thing: large technology companies and organisations coming together to create a working body and set down security standards for IoT devices.
The result will be the adoption of standards, with those companies refusing to comply losing market share. Of course, all of this will take time.
Is there anything you can do now?
If you don’t want to wait for the manufacturers to take action, there is something you can do.
Despite the widespread vulnerabilities of IoT devices, BullGuard is offering consumers the option of protecting their smart devices and home networks with innovative protection.
The Dojo is a smart network device that plugs into a Wi-Fi router and it generates a view of all connected devices on a home network via a device called the Dojo pebble:
All internet traffic on the home network is routed via Dojo, allowing it to secure the home network against cyber-attacks and protect the user from privacy breaches.
Dojo discovers devices connected to the network, secures them and constantly analyses their network activity.
A cloud platform is constantly updated with this behavioural information and with cyber security- related knowledge.
When malicious activity or privacy breach is detected, Dojo notifies its owner through a mobile app, and in most cases automatically emits mitigates the risk.
The Dojo pebble also provides simple colour -based safety indication using green, orange, and red lights.
IoT devices are here to stay and will continue to dominate our lives. With growing fears about security, BullGuard’s solution will offer you peace of mind.