A Closer Look At IoT Security Threats And Breaches

Muchaneta Kapfunde | @FashNerdEditor

“Internet Of Things (IoT)- the interconnections of uniquely identifiable embedded computing devices within the existing internet infrastructure.

When it comes to IoT Security, it was a challenge was first taken up by the early adopters of IoT, whose initial excitement had an underlining of scepticism over security. Why? Because it seems that developers are not taking into account that the more devices connected to the internet the higher the risk to our safety and security. As stressed by many, security cannot be an afterthought, consumers need peace of mind before they can invest in a technology that allows them to “live like the Jetsons”.  Consumers cannot afford to wait for a catastrophe to happen first before the powers that be decide to take the required measures to lock IoT security down with strict guidelines.

Joshua Corman, founder of I Am Calvary, puts forward a strong point, “if it’s got software, it’s vulnerable, and if it’s connected, it’s exposed”. You have to remember that as our dependence on connected technology grows, it is important that the security matches that growth or else we will be faced with an IoT security problem with no clear solution. That’s why I think that it is imperative that we, the consumer, need an authority that we can turn to should we need too. It is this authority that will lead the way and ensure that safety will always be at the forefront of IoT developers.

Internet-of-Things-security-questions

Some of the major key players who are acknowledging that when it comes to IoT, security is a matter of great importance. At CES, Samsung CEO BK Yoon not only shared the significance of a shared understanding that can be achieved with open platforms and integrations but he also urged caution, “IoT must be secure- security must be baked into hardware and software at every level. Our whole industry must work closely together to make that happen”. Samsung who acquired Smart Things, an IoT company, in August 2014 have acknowledged that security of IoT is something that needs to be explored.  Wi-Fi chip maker Electric Imp has tackled IoT security issues by coming up with a secure toolkit that is perfect for companies who do not necessary have the resources to do the security themselves. CEO and co-founder of Electric Imp Hugo Fiennes states “companies who build products can make use of the security work we’ve done, because you can’t add security to an insecure system”.

There is also the argument that “only after disaster can we be resurrected” (Chuck Palahniuk). Implying that for IoT security to be taken seriously it might first need to hit rock bottom giving developers a second chance to create a better IoT device. This is an argument that I must strongly disagree with because the security of our personal data should not be treated like a learning experience. Developers need to take on board that security cannot be something that can be added after the fact. We have to remember that “around the turn of the century, the Cuyahoga River caught fire, and that’s why we have the Environmental Protection agency, let hope that we don’t have a ‘cyber-Cuyahoga”

cloud-storage-1000x450

Besides security, another big issue being raised in IoT is privacy. In 1999, Sun Microsystems’ CEO Scott McNealy infamously declared; “Privacy is dead- get over it”.  Sixteen years later, I wonder, was McNealy right? With these words still ringing in many ears, I fear that have we have knowingly allowed our personal data to be sucked, tracked and scoured through internet vendors that trade in personal data like Facebook and Google. The result now being, our cries for privacy are falling on deaf ears. In a world where a billion devices are connected should we not be worried that these systems and services are exchanging our personal data?

I am sure that as we enter the era of Persuasive Computing* that this new hyper connected world will decrease our privacy, and potentially make it worse. Why? Because logically the increase in data volume and complexity results in less control, which will potentially leave consumers in a position where their beloved chips, sensors and wearables seal their privacy fate. Sounds quite bleak but there is light at the end of the IoT tunnel. The advantage of Persuasive computing is that it makes the issues of privacy readily apparent so therefore the users (consumers) can be in the driving seat and take up the opportunity to control their own personal data.

image1_largeThat all being said, I do wonder though, when it comes to privacy can we only embrace this next generation of technology if we adapt?     Will relying on the government to protect our privacy be like asking a peeping tom to install our window blinds? (- John Perry Barlow)   Should we have to give up our privacy and become bound by ‘their’ (dominant vendors) code? I really would like to believe that when it comes to IoT Privacy, that we will be able to fight for our right to some privacy instead of the issue becoming everyone’s Achilles heel. With security and privacy quickly becoming the sacrificial lamb in the tech industry, I can only hope that the outcome will be a #TheKillerDevice** that will make it all about us, the consumer. Will it be something like the iPhone, a technology that broke the mould when it introduced the concept of a multi touch interface smart phone to a generation in need of something fresh and new? I think simplicity and usefulness are key when it comes creating a consumer friendly IoT device. Brett Dibkey (Vice President of Whirlpool Corp) put it best when he said, “the home adapts to the way consumers live rather than the other way around”.

“The Home Adapts to the Way Consumers Live Rather Than the Other Way Around”

At the moment the IoT market is offering us smart thermostats and washer/dryers that utilize Wi-Fi for remote monitoring. Samsung “the biggest technology company in the world” (Venture Beat) is betting its entire future on ‘IoT’. At CES Yoon announced that IoT “is no longer a pipe dream”. Samsung are positioning themselves to corner the IoT market by planning to invest $100m into the developer community through the funding of start-ups including their very own incubators.  Yoon wants Samsung to kick-start an Internet of Things revolution, with the promise that in about 2 years (2017) 90% of Samsung devices will be IoT ready and in 5 years (2020) 100% will be compatible with IoT.

Feel free to add to this article by sharing in the comment section below.