Question

Why does the IOT present a computer security problem?

Answer 1

Every year, we seem to own more Internet of Things (IOT) devices. It should come as no surprise that when everyday products come online with Bluetooth or wifi, the number of attack vectors aimed at individuals and businesses is increasing at an alarming rate. We live in a trusting consumer culture that is more concerned with the functionality and ease of use than they are with privacy and security. To protect their security, IoT device users travel a few paths to arrive at this end. The first is more digitally aware and assume, possibly correctly, that nothing on the internet is private or secure, and the use of any service has a risk associated with it. The second, more trusting or naive path, is users assuming that the services they are using either have no critical data to share, or are taking lengths to secure data that is being accessed. There is a third, less trusting, group of users who may choose not to participate in systems that do not have basic information security. The primary problem that these users have is that soon, everything will be internet enabled. Your toaster will be online, your refrigerator may already be online, and baby monitors and other video and audio systems are already online and being accessed by unauthorized users. Security-conscious users may have to choose between quality of life and digital security.

This stems from the fact that appliance and device manufacturers are hardware companies rather than software security companies. Their priority is the marketability of the term ‘IOT’ in conjunction with their products or with the functionality that the internet can enable. Smart refrigerators will order your milk. They will keep track of your eggs’ expiration date. They will poke a hole in your home wifi network or access the internet directly.

The fundamental security weakness of the Internet of Things is that it increases the number of devices behind your network’s firewall. Ten years ago, most of us had to only worry about protecting our computers. Five years ago, we had to worry about protecting our smartphones as well. Now we have to worry about protecting our car, our home appliances, our wearables, and many other IoT devices.

Because there are so many devices that can be hacked, that means that hackers can accomplish more. You may have heard about how hackers could potentially remotely control cars and remotely accelerate or decelerate the car. But hackers could use even seemingly unimportant devices like baby monitors or your thermostat to uncover private information or just ruin your day. The point is that we have to think about what a hacker could do with a device if he can break through its security.

Computers have automatic updates partly because most users are too lazy to perform even the basic steps needed to keep their computer safe. And when you consider that protecting the myriad IoT devices will be even harder than a single computer, this problem will get even worse.

While tech companies and the government are taking the IoT security threat more seriously, the first line of defense in your home is you. This means taking the time to think about how IoT devices could be used against you as well as going over their security features. For example, an IoT device from a smaller, less established company may be cheaper or have other attractive features. But if that smaller company folds, then there is no one around to patch its vulnerabilities.

As the Internet of Things becomes reality, we have to worry about protecting more devices. But even if you start taking security seriously, the tech companies which make these new devices are too cavalier about the risks. And one problem is that companies do not update their devices enough or at all. This means that an IoT device which was safe when you first bought it can become unsafe as hackers discover new vulnerabilities.

Hackers are scary, but they are far from the only threat to the Internet of Things. In fact, the corporations which create and distribute interconnected devices could also use these devices to obtain personal data, particularly dangerous when used for money transfers.

For now, the best protection which consumers have is to actually read any agreement they sign when receiving a device. Also find what that device’s corporation’s policies are in regards to keeping data safe and sharing said data. This may mean refusing to use certain IoT devices, but said device may not be worth the privacy tradeoff.