
IoT Security … Meet RED … and Security By Design and By Default


We had an open day over the weekend, and I rolled out my CCTV device, some toys and a few other gadgets. With every device we have tested, there has always been a major security and/or resilience weakness. It seems as if security is an afterthought in device design, and that ease of setup (and the cheapness of devices) are the key drivers.

One of the devices I demo is Cloud Pets, where it was found that virtually every Bluetooth-enabled device can connect to them by Bluetooth. Also, it was found that every conversation between parents and their children had been recorded and stored in an unprotected way on the Amazon S3 cloud.

I also demo my cat feeder, which failed to secure the streaming video from the camera. Along with this, it failed to feed the pet when the network connection failed.

Here is part of the demo that I give in my presentations:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
