The promise of IoT continues to be a hot topic. Businesses and consumers dream about how wireless, connected devices will bring an ongoing array of gadgets, conveniences and efficiencies. As developers work hard to keep pace with the demand for innovation, many are also kept up at night by one key topic: IoT security.
What happens when an unauthorized user takes control of a consumer or business device? This possibility poses risks for everything from the smart car to national security, and the concerns are valid.
As we find ourselves in 2017, both wired and wireless Internet connections have introduced a multitude of IoT ingress points for hackers. Whether it’s the individual computer genius in a dorm room or syndicated malicious attacks, some potentially state-sponsored by foreign governments, it’s time to move the security conversation forward.
The most prominent recent incident was the “Dyn attack,” where some 100,000 consumer IoT devices (originally reported as “tens of millions”) served as a gateway for a massive distributed denial-of-service (DDoS) botnet attack last October. The resulting Internet traffic jams inspired vendors to take a new look at vulnerabilities in their IoT networks.
In this particular case, residential dual-band gateway routers were the vulnerable point. Most often, consumers adore “set it and forget it” technology. It’s easy to pick up an inexpensive router from Best Buy, perhaps an easy-to-use Cisco or D-Link device which may default to a 192.168.0.1 address. For many households, the default login may be “admin” and the password is equally predictable. With so few variants, hackers can easily harvest a tremendous amount of access through these open gateways, which is a recipe for disaster.
So in 2017, I believe we’ll see an abundance of awareness about improving those practices. Security is not just the developer’s responsibility; the risk can be mitigated at the consumer level as well. We’ll see much more education about changing passwords and remaining vigilant to safeguard devices at every level.
And while the Dyn attack may have largely affected consumers, imagine a similar scenario and how it might affect life-and-death IoT applications, such as those that need steady IoT connectivity for real-time healthcare monitoring.
In 2017, we expect to see significant attention, and funding, directed at the commercial and industrial security of IoT. Progress will be made both in the investigatory areas and in new technology deployments. Traditionally, security has required a significant amount of endpoint investment. But the new success stories may come in areas where security can be built around chip-level security tokens.
The heightened demand for security may also drive new opportunities for some of the relatively slow-growth areas of the past. While IoT innovators in asset control, supply chain and cold-chain-related services have less sizzle than consumer-based applications, these providers may see increased interest as businesses work to decrease vulnerabilities in 2017.
Stay tuned to this blog as we keep a keen eye on security development and protocols as new standards and devices are introduced throughout the year.