Internet of Things – Potential Security Risks

Internet of Things – Potential Security Risks

This post is also available in: heעברית (Hebrew)

10306342_m כקשאורקWe’re entering a new age, an age where our devices are connected to the internet, communicating through the net to fulfill various needs. When the internet first came along no one thought about security and how the net could be abused, a fact that made it virtually impossible to protect. As we slowly march into the age of Internet of Things, the question is whether we learned something from the challenges we’re facing online today. Are we thinking about security when creating this new internet entity? According to our first impressions the answer is less than encouraging.

Even today the use of home cameras, smart televisions and vehicles connected to the internet is widespread – the concept of Internet of Things is on the rise. Over the next few years our homes and environments are expected to grow smarter, more connected. As we all know, however, technology tends to leap ahead of security, with regulation also lagging behind – regulation which is supposed to help create new security standards. On the other hand companies don’t view advanced security measures as attractive financially, and there’s no public awareness or outcry. The thing is, once electric devices go online they also start facing the same threats that loom over personal computers or smartphones today – although with less user control over the device and less security tools to protect against malicious abuse. Let’s face it, when our homes or our vehicles become vulnerable to outside infiltration, the results could prove disastrous.

iHLS – Israel Homeland Security

“The prevalent attitude is first the technology, then remembering to update security – usually too late,” this according to Amir Carmi from ComSecure, ESET’s representative in Israel. “Even security products like security cameras or infrared sensors aren’t manufactured with that kind of security in mind.”

As we all know, in business it’s all about the money, and private companies have no legal requirement or financial incentives to manufacture secure products. On the contrary, they want to maximize their profits as much as possible – which doesn’t contribute to security. “At the moment the advantage of these products is the huge variety of manufacturers. Each manufacturer has their own interface, sometimes vulnerabilities are discovered and sometimes not, with no single standard to bring them together – but eventually a unified standard must be created,” said Carmi. “Companies want to minimize costs – that’s the goal of every software and hardware manufacturer. If it’s hardware or some kind of device that enters mass production, I don’t want to develop its software with an operating system that I’ll have to develop, or deal with all the updates that I’ll have to develop for it in the future. I want to have a platform for my program to work on, and that platform – at least that’s how it looks right now – is Android, today’s most vulnerable mobile system.”