Towhidul Haque Roni – Software Engineering Senior Analyst, Accenture
Nowadays everybody is talking about Internet of Things (IoT) but not many are talking about its security. Suppose, your friend told you that, hackers will use your air conditioner (AC) to hack your facebook password. It may sounds very funny to most people. But in reality where IoT devices are continuously increasing and they are really sharing their information to each other including social media with authentication, it could be a common breaching scenario. It is the high time to be concern about the IoT security, especially for the device manufacturers, developers, service providers and network operators.
All of us have more or less idea about what IoT is. It refers to machines talking to each other which is known as device to device communications. Fifteen years back we were only concern about protecting our PC and about ten years ago we start to protect our smartphone, tabs etc. Now we have to think about the security of the smart watch and wearables, thermostats, cars, lights, refrigerators, home appliances. It is estimated that, within 2020, the number of connected devices will be exceeds 40 billion. These devices are very attractive to the hackers. For example, the baby monitor device can be hacked to watch unauthorizedly, provide access to others, change the settings etc. If they hack the connected car, they can be able to break the car in the middle of road or can open the door locks or accelerate the car unknowingly. Even in the worst scenario hackers can hack personal medical data or bank information from wearables.
At present we have observed that both manufacturers and the users are careless about their IoT devices. Device manufactures are in the race of releasing new devices or new version of the devices and they rarely provides the firmware updates for old devices. So, initially the device might be secured but later hackers found the loopholes and manufactures are not interested to update the old device, thus the door remains open to the hackers. On the other hand users are also careless, often they are too lazy to change the default password or upgrade the firmware or the OS of the devices. On PCs, smartphones or tables updates are happening automatically, but for the IoT it is still quite challenging.
A recent report from HP shows that, 70 % IoT devices are vulnerable to attack. We have to think about the security from the day one. We have to predict the lifecycle; also have to provide time to time security updates. Authentication system must be improve without compromising the user experience. IoT network should be secured from the device to the back end system on internet including end point features such as antivirus and antimalware. Another most important concern is data encryption. Data should be encrypted with standard cryptographic algorithm though out the networks.
There is no doubt that IoT is the next future of IT, but the security risk of these IoT devices can’t be ignored. It is the high time to think about the IoT security to make our future life secured and hassle free.