Opinions expressed in this piece are solely those of the author and do not represent the views of S&P Global Market Intelligence.
Ron Ih, director of business development at Kyrio, a subsidiary of CableLabs
Bio: Ih is working to define solutions that address the evolving security needs for internet of things at Kyrio. The unit aims to expand the impact of technologies created at CableLabs.
However, the emergence of internet of things devices goes far beyond home assistants. Essentially, any device that has the ability to connect to the internet is an internet of things device, from baby monitors to sensors monitoring traffic on major highways. With more internet of things devices connected to networks than there are people on earth, it's more important than ever to secure those devices. However, many manufacturers are still selling unsecured devices to the public because of the lack of scalable security standards that can be implemented without having to be a security expert. The impact of this could be catastrophic to our network infrastructure, privacy and safety. In recent years, internet of things devices have become popular for consumers and corporate clients alike. This May, the Echo home assistant sold more than 10 million units, establishing Amazon.com Inc. as one of the leaders in the internet of things market. Alphabet Inc.'s Google has also joined the game, selling their Google Assistant device and partnering with Wal-Mart to increase retail and distribution efforts.
Unsecured devices are entry points
It is often cited that the data contained on an internet of things device is not important enough to warrant securing. That would be true if that was what bad actors were primarily interested in, but they’re not. They are interested in the network that the device is connected to and how to use that device to disrupt network operations (denial of service attacks) or use it to gain access to other systems on the network. According to a recent Wired article, the same third-party source code can power many devices, even if they’re from different manufacturers. As a result, a security flaw in the source code of one device can expose other devices connected to that network, allowing malicious code to be installed on them.
You should consider an autonomous internet of things device to be a user on your network just as much as a human being behind a PC. If a device has access to your network, it potentially has access to everything else that is on your network. As such, you want to make sure that you can identify and manage every device on the network just as you would every human being on the network.
Networked devices with safety concerns
Contemporary networked devices go beyond personal computers and office phone systems because they operate autonomously with little or no human interaction. In 2016, Chevrolet saw data usage increase almost 200% for their internet-connected vehicles. This comes with countless advantages, but the disadvantage is that these networked vehicles are now exposed to the hazards of the internet. In August of last year, hackers were able to remotely control the steering and brakes of a new Jeep Cherokee (a year after the Cherokee had already been hacked). This is a major concern when it comes to autonomous driving, which is already being offered by over 10 vehicle manufacturers around the world in some capacity, not to mention the personal and corporate data at risk. Unless tighter security regulations are implemented for autonomous and internet of things-connected vehicles, hacks like these will only become more serious.
Privacy concerns are nothing new when it comes to networked devices. In fact, putting a piece of tape over laptop webcams was recommended by former FBI director James Comey. Cameras are now everywhere, from the front-facing cameras on smartphones to home security systems remotely accessible from anywhere in the world. If these devices are compromised, those with access would be able to obtain audio and video information from these devices.
Hackers are also a growing concern for home and business owners who employ smart locks. A recent study found that 75% of Bluetooth-enabled smart locks can be hacked, providing entry into homes and other secure areas (or preventing the right people from gaining access). Smart homes and offices are the way of the future, but with security concerns this serious, they won't be widely adopted until regulations have addressed these challenges.
As internet of things devices become more ubiquitous, security standards and regulations are more important than ever, since security and interoperability are inter-related. Manufacturers are working toward standards that raise the bar on security and access control, but users will also have a role to play. It’s up to device manufacturers and application developers to implement secure standards. However it is the consumers, operators, integrators and enterprise businesses that provide the market pull for those standards to help drive adoption.