Is your personal online security really at risk because of IOT?
Soon nearly every aspect of our life will be connected to the Internet. And, as a result, our most commonly used electronic devices will be able to send and receive user data to businesses. But what kind - and how big - a threat to personal online security will all these connected devices create?
IoT, the wave of the future
Gartner reports that by 2020 there will be 26,000 billion non-PC and mobile devices connected to a network, a form of connectivity called the Internet of Things (IoT).
However, Gartner’s figure only scratches the surface compared to IDC’s research which foresees a sprawling IoT universe of at least 212 billion devices by 2020.
Whichever number is more correct, one thing is certain: nearly everything we come into contact with – thermostats, cars, even basketballs - will be IoT connected, making it, undoubtedly, the wave of the future.
IoT insecurity a major cause for concern
While IoT is sure to change every aspect of our lives, it is already raising a number of questions related to safety and security. Here are a few of the biggest concerns:
DNS will play a critical role in establishing connections between objects and network addresses from which information about those objects can be extracted.
But many have wondered how the current DNS infrastructure will be able to handle the rising number of security threats IoT is sure to introduce. With 72 percent of respondents to a recent survey claiming they have been the target of a DNS attack at least once in a twelve month period, the infrastructure in place seems especially vulnerable.
In fact, we’re already seeing the creation of an “Internet of Threats” with the introduction of IoT-targeting malware like Mirai which many consider to be just the tip of the iceberg if security measures and settings aren’t dramatically improved.
Can IoT product users trust that their personal data will be kept private? A central concern many have is that IoT asset tracking technology will open the door to cybercriminals, a door that will open wider and wider with the use of every new IoT product.
One need look no further than the security flaws which have recently been found in a line of home security cameras used for surveillance and baby monitoring. The cameras, which include a sound and motion detection system as well as two-way audio, have been shown to be especially vulnerable to hacking as they do not require users to change the default password. Moreover, the data transmitted to the company’s servers and user apps is not encrypted, a security flaw found in multiple other connected devises.
While organisations like the National Institute of Standards and Technology are working to improve standards for encryption algorithms, standardised algorithms are a ways off, particularly for smaller devices which will require tailored algorithms. Algorithms designed for standard computer devices like laptops and phones are not likely to scale downward.
How secure are IoT products? Safety has become one of the biggest concerns people have about IoT, a concern that was far from abated when, in 2015, two stunt hijackers, using a cellular connection, remotely hacked the wireless controls of a Jeep Cherokee in motion, demonstrating just how vulnerable IoT products are.
Instances like this are often cited as evidence of the need for stronger safety regulations. “If it can kill you, there [should be] minimum requirements,” says Joshua Corman, a leading IT strategist.
Protecting yourself from IoT risks
Though IoT is still in its infancy phase, some early adopters are already maximising the potential of IoT, demonstrating its ability to change how we live. However, wider adoption of IoT still remains a challenge, one that will require players from multiple domains – technology, government, legal, and more – working together to address problems related to security, privacy, and safety.
But, for now, some steps you can take to minimise your IoT-related risks include:
- Always changing default passwords on connected devices
- Before buying a device, researching the manufacturer’s security policy
- Reading the fine print so you know exactly what data is being collected and, therefore, what potential risks you face
- Giving careful consideration to how connected you need to be
- Keeping the IOT software updated on your IoT devices, the only way to make sure vendors are providing bug fixes
- Asking vendors how to keep your devices protected and how often they need to be updated
As Paul van Brouwershaven from GlobalSign told us last year, security is everyone’s problem, not just the end users'. But, ultimately, all IoT device users must take an active interest in ensuring their own safety and security. Know the risks, protect your personal online security, and hold IoT device makers and vendors responsible for helping keep you safe.