IoT Devices Come with an Unwanted Gift
Fri, December 3, 2021

Security threats are the "gifts" you didn't ask for in an IoT device / Photo Credit: Blue Planet Studio (via Shutterstock)

 

Did you receive an IoT device during the holidays? If so, you will most likely find it useful, but George Platsis of cybersecurity news website Security Intelligence said it also came with another “gift”: security vulnerabilities. IoT concerns are a part of life, and we can expect more to appear as technology advances. IoT devices do have security issues, but these do not differ from the security risks we see in other devices. In 2014, the Open Web Application Security Project (OWASP) compiled a list of IoT vulnerabilities to help consumers, developers, and manufacturers make better decisions about their IoT systems.

OWASP’s 2018 Top 10 IoT security vulnerabilities consisted of weak passcodes, insecure network services, insecure ecosystem interfaces, lack of secure update mechanisms, using insecure or outdated components, poor privacy protection, insecure data transfer and storage, poor device management, insecure default settings, and poor physical security hardening. How can we deal with these risks? Dan Geer, a computer security analyst and risk management specialist, stated that IoT devices should be developed to be “ephemeral in nature,” meaning the devices should have a short lifespan. The rationale behind Geer’s idea is that, because IoT devices lack updates, they should be offboarded before they become an unmanageable threat.

Geer’s approach should be considered since the manufacturing costs of IoT devices continue to decline. Let’s think of these devices as “disposable.” So once the IoT devices have been used to capacity, you could either recycle them or find a replacement. The disadvantage of this approach thus far is that good code doesn’t come cheap unless we get a certain “type of economies of scale for code.” However, certification is one way for us to address security risks immediately. 

Yes, certification is no easy task. In fact, the industry needs to work together and create standards such as security-by-design principles. The implementation of these standards also comes with costs. Despite that, enabling the industry to arrive at a common ground regarding security and safety standards for IoT devices seems to be the optimal long-term solution to IoT vulnerabilities.