Security in the IoT world is a major concern that we should all share. While we are still struggling to make our mobile devices and apps secure, the IoT field is an even more challenging one. Let's see why, and how we can ensure that our data stays personal.
Many reports are alarming, such as the latest HP Fortify study.
Why is IoT security harder?
- First of all, the IoT is creating a lot of data, way more than the mobile world. More data means more interest from hackers and unscrupulous organizations, who get more value out of it, which motivates them to invest time and effort in research and tools.
- The second reason is the small form factor. Since the hardware needs to fit in the objects it empowers, most manufacturers opt for small, cost-efficient hardware with limited power. With this limited processing power and memory, every operation has a cost and should be reduced to its minimum, so communication and data encryption are often the first to suffer.
- Because IoT devices sometimes operate within small ranges (Bluetooth-like ranges), the perception of security is modified. Most users and manufacturers consider that a hacker has to be very close to the device in order to compromise it, whereas computers and servers can be hacked from anywhere. So less effort is made to heavily secure the products.
- The pace of the economy around IoT is another factor. Since companies are rushing to make their products available to the market, they often don't rely on exhaustive testing activities.
- The technologies used in IoT are very new (communication, hardware, software...). Some of them are not completely mature, and even fewer designers and developers are aware of the limitations and vulnerabilities or trained to use security best practices.
- Building a reliable update system to ensure all devices are patched against newly discovered vulnerabilities requires a lot of effort, which is why not all manufacturers offer an easy or automatic way to keep devices secure.
- Finally, the biggest challenge remains the heavy cost of security testing and solutions. Companies assess risks from their own perspective, which is sometimes more profit-oriented than customer-oriented.
How to reduce risks while still enjoying IoT?
Let’s be honest, the IoT world is so much fun and full of possibilities that it would be hard to totally avoid it. However, there is some simple and easy advice that could help you reduce the risks of being hacked:
- Prefer open-source over closed-source solutions. Even if companies are big and allocate budget to testing, nothing is as efficient as leveraging the community to review the code and design. That’s why open-source solutions have overall better security.
- Avoid beta versions and rushing startups, which will certainly take some shortcuts in order to deliver on time or on budget. Beta versions also carry additional risks since the product might not be fully completed.
- Choose manufacturers carefully, looking not only at the price tag but also at reviews and any available testing reports.
- Stay informed, follow the news regularly, and be ready to react (change passwords, delete data…).
Security in IoT might get worse before it gets better, so let’s be responsible about the way we use it.
Let me know if this is a topic that interests you and I will post more about it.