Securing everything: the risks posed by the Internet of Things

Sensing danger

Internet of Things

Every once in a while, a hot new topic hits the security industry and works its way into the media; cloud computing, big data, Facebook scams, and Android malware are all recent examples of such topics that have mutated into buzzwords.

These buzzwords transform into common, everyday realities that can offer both major advantages as well as pose very real and present danger.

Right now, there are two key technology topics that are both thought-provoking and headline-worthy: the Internet of Things and connected homes.

Article continues below

The term "Internet of Things" refers to uniquely identifiable objects and their virtual representation in an internet-like structure, while "connected homes" reminds us of how devices are increasingly integrating into almost every part of our daily lives.

Mass interest

Why do these topics interest the security industry? The key reason is the sheer magnitude: Gartner estimates we will have more than 26 billion such devices by 2020, while ABI Research predicts the existence of 30 billion by this time.

With connected devices including fire detectors, smart cars, wearable technology and energy meters and the list set to explode, unauthorised access to these devices has the potential to cause serious damage.

We would expect such devices to be able to assess their own integrity, determine malicious changes and remediate those changes with little or no human intervention. After all, there will be far more of these devices than there are humans to supervise and fix them in the future.

Managing risk

However, there is also another aspect to the risk. For more than 20 years, the security industry has been evangelising that we will eventually run out of public IPv4 addresses.

Despite the limit, online businesses have been slow to adopt IPv6, which has an abundance of addresses by comparison. Several risks are involved with IPv6 that aren't yet addressed and we can easily see that the Internet of Things will make use of IPv6 addresses.

We now have the magnitude of the problem and the risks, but what is missing? Put simply, it is security. These devices currently include little to no security measures and the manufacturers are doing the same thing that companies did years ago when they were making unintelligent pieces of equipment designed to do one thing without a thought to security.

Examples of failure are just starting to show up. By the end of the year, we predict that we shall see a wall of shame of IoT manufacturers who have failed to integrate security into their devices.

The solution to the issue of security is unclear currently – but we can guarantee that several big players are currently working intensely on finding one.

  • Catalin Cosoi is the Chief Security Strategist at Bitdefender. Bogdan Dumitru is Chief Technology Officer at Bitdefender.
  • Bitdefender is a global security technology company that delivers solutions in more than 200 countries through a network of value-added alliances, distributors and reseller partners.