The expected growth of the global Internet of Things (IoT) market will lead to more security risks as hackers are presented with a greater surface area to compromise. This is according to Dave Worrall, CTO at Secure Cloudlink, a cloud security software company. He argues that passwords as a means of authentication have not been updated to cope with the rise of IoT and an increasingly digital economy. Hence, they must be eliminated from the IoT equation.
Dave Worrall says: “With any rapid technical revolution, such as IoT, security is often the last element to be updated. This, combined with the huge growth of cyber-crime and with lot’s of newly connected devices, opens up a world of new opportunities for hackers, many of which the end user will be completely unaware of. There are counless scenarios where this will be the the case. Smart homes, that are filled with connected devices, are loaded with possibilities for hackers. Take a smart fridge for example, this will have access to personal information and, potentially, payment details. If it’s authorsing payments on the users’ behalf, hackers can exploit this device and steal the user’s credit card information. Smart buildings are another example. As these premises are controlled by IoT, as opposed to office maintencace staff, these buildings will be vulnerable to hacks, be it to gain illegal entry or to steal company data.
“What’s most worring is that some users will be completely unaware if they have fallen victim to a malicious hack, at least until it is too late. For instance, take a hacker targeting your bank account. By the time you realise that you’ve been hacked or money has been moved, the hacker has gone. With IoT they will have used your fridge to deliver food somewhere else, told your car to get a service in a certain location and then stolen it, even emailed your children’s school to tell them someone else is collecting them today. This is a distressing scenario that could, unfortunately, become a reality if IoT security is not taken seriously.
“2016 showed us that existing security features are not fit for purpose, with some of the biggest data breaches in history taking place. Considering that the increase in IoT will present hackers with a greater set of parameters to try and compromise, flaws within this form of technology must be addressed immediately before they spin out of control. To this end, the weaknesses of passwords will become even more apparent as they become proliferated across a larger number of connected devices.
“Put simply, designs that were once appropriate have not been updated to keep up with today’s increasingly digital and connected economy. It only takes one password to compromise an entire IoT network, therefore changing this more regularly is simply not enough, especially considering that passwords are still one of the most common causes of data breaches. With the effectiveness of passwords continuing to deteriorate, what’s needed is a security solution that requires no passwords at all.
“Once the access mechanism is secured then the data transport mechanism must also be addressed. If you can’t break into the IoT device then the data that’s transmitted between devices will be the next target. This must be securely encrypted. Too often product development timescales mean secure access, transport and communication is not addressed as standard layers of security create performance overheads which interfere with product functionality.”
