The “Mirai” virus redefined the way we think about security on the “Internet-of-Things” landscape. Image credit: Katie Barrett for unsplash.com / illustration by me.

IoT Security: Feed the beast or die trying

Javier Luna
Jul 28, 2017

At a time when fact-checking, disinformation and fake news are everyday currency, there is one fact that cannot be denied: IoT devices are not created with security in mind.

After last year’s hurricane-like Mirai malware attack, which compromised roughly 500,000 internet-enabled devices worldwide, such as surveillance cameras and recorders, one cannot help but wonder how the so-called “Internet-of-Things” monster will evolve (or de-evolve, if manufacturers don’t step up their game) in terms of privacy and security.

Big players like Microsoft are researching effective ways to bring high-value security to low-cost devices, as they eloquently put it. Take Bosch’s holistic IoT security platform, for example, where developers can test and assess vulnerabilities, encryption and key protection for devices before they even hit the shelves. Prevention is the best medicine, they say.

Developing for connected devices: it’s everyone’s effort

End users and consumers rarely think about security when interacting with their own devices; it is the developer’s duty, alongside the manufacturer, to prioritize security from the get-go. Take governments, for example: they are absent from this conversation, and it remains to be seen when they will start throwing regulations over makers’ heads. Are we proposing there should be laws against badly engineered IoT devices? That we should start developing security committees to avoid future threats? Not exactly, but it’s time to start a serious conversation on how we can reduce the huge risks on connected devices. A mandatory “security first” approach is needed within the engineering community and among all players involved in the making of such devices.

Hack me once, shame on you. Hack me twice…

Jeep, Nissan, Mitsubishi, Fiat… the list goes on; they all had electric and hybrid units recalled by the millions. Would it have been possible for them to avoid getting hurt in such a big way? Easier said than done, but what is still surprising here is how the car industry got it so wrong, even with all the rigorous quality control they go through from the early stages up to the assembly line.

Take Tesla, seen as the new kid on the block back in the day, and how they developed their first electric Roadster: during the first 2 months of production in 2008, they produced three Roadsters before beginning conventional series production, then delivered 27 cars to their first customers in September. By November that number went up to 70, and by December of the same year they hit number 100. A total of 2,450 Roadsters were sold between 2008 and 2012. Not really huge numbers, but do you see the pattern? They were not aggressively aiming to dominate the market; they were testing it. With every new version, a new improved feature would come along. Sure, it took time until we actually saw a stable, solid and reliable unit, but they knew how to capitalise on their failure.

Currently, Tesla welcomes and encourages the hacker community to engage in a responsible reporting process to find vulnerabilities in their units. Maybe this sounds like the best road for the IoT industry to follow? Let’s welcome failure more often, especially at early stages, to develop more stable and secure connected devices.
