Addressing Security Challenges in an IoT Dominated World
Adding connectivity with a degree of intelligence to household appliances gives rise to the Internet of Things (IoT). Integration of these inter-connected appliances, with our daily routine, inside our personal spaces, is resulting in smart homes, and the adoption is already exponential. Here is how we are addressing security challenges in an IoT dominated world.
Many industries are deploying the IoT concept, such as security and surveillance systems, home appliances, manufacturing, automotive, and recently we also experience numerous innovations in the HVAC industry (cielowigledotcom — HVAC tech). All players’ goal is to provide connectivity plus automation, resulting in comfort and even energy savings.
Smart homes promise an automated living experience, with in-built convenience and an efficient style of living. As per IDC projections in 2015, there will be 50 billion connected devices by 2020, with a market worth 1.7 trillion USD. This widescale acceptance of IoT is a fascinating part of the future. It bodes well for the times to come for the smart home industry. But with all good things, there is a catch. Security of data is the most significant risk to such large scale integrations. Moreover, preventing any backdoor entries into a secure home should also be an emphasis on IoT security.
Smart home devices’ mass use provides a larger pool for potential hackers and data attackers to target, resulting in a significant disruption of service, financial loss, and physical loss instead of promised convenience and energy savings.
Erosion of confidence in smart home appliances through security risks is a stark reality for the IoT industry. It would consequently lead to a slowdown in the adoption of smart home products by consumers.
Wi-Fi connected devices create a great volume of sensitive data, creating an inherent risk of data and identity theft, device manipulation, and server/network manipulation, and providing many avenues for hackers to exploit.
As per Open Web Application Security Project (OWASP), IoT vulnerabilities include inherent insecurities in the web interface, mobile interface, cloud interface, network services, and firmware. The vulnerabilities also include insufficiencies in authentication/authorization and security configuration. The lack of transport encryption, privacy concerns, and poor physical security also adds up to the list of vulnerabilities.
Limited memory and computational power of microcontrollers is another challenge that is unique to IoT. Both these components are essential to convert dumb appliances into intelligent connected devices. Implementation of security at the device level is a big problem for IoT solution providers. They have to keep in view the balance that needs to be maintained between the security and marketability of the end product.
Often, resource constraints within the design of the product do not allow sufficient computing resources, which are necessary to implement strong security. Consequently, many devices are unable to provide advanced security features. As a case example, temperature and humidity sensors cannot handle advanced encryption protocols and various security features.
Even over the air (OTA) updates are not utilized, with many IoT devices used in a “set and forget” mode. High-end manufacturers are the exception to this, though. They can provide regular FOTA updates and a robust security mechanism all the way from the cloud protocols to on-device safeguards. Other manufacturers are not so forthcoming, prioritizing low-cost development and a faster timeline for conception to sale.
Strategy to Mitigate IoT Vulnerabilities
An all-encompassing strategy is to mitigate any potential vulnerabilities from design conception to end product. Post-sale software updates are a critical part of aftersale support. Without being hampered by cost restrictions, a security-centric approach needs to be adopted. The strategy must include proven security practices, prioritization of security measures, and transparency across the whole eco-system.
Another major issue that needs to be addressed in the amalgamation of legacy assets with modern technology. The security challenges of today were not kept in mind when older generation devices were made. Outright replacing the legacy structure with new-generation devices is a very cost-prohibitive venture. This is why smart home providers are more focused on retrofitting already installed equipment with plug-and-play devices and sensors.
But the cross-link between a legacy device and smart sensor will inevitably leave a little gap in the proverbial door and can be exploited by those with malicious intent.
Time restrictions are also a cause for concern. Many smart solution providers only cater to updates for a few years, after which their after-sale support becomes only rudimentary. With devices running around for a much larger time period than support provision, this can be a security lapse. Achieving security at par with the current standards can be challenging without assistance from manufacturers.
A major component of security protocols and networking is industry-wide acceptance through well-established standards and procedures. Although multiple independent security frameworks operate in somewhat isolated bubbles, a single, comprehensive, industry-wide standard needs the hour. Major manufacturers and service providers utilize their own internal protocols.
To develop these protocols, a large number of resources have been put in. But smaller companies are at a disadvantage. They have to resort to making do with third-party frameworks, which are often not up to the mark. Moreover, they can also be incompatible with other major players in the industry. Due to this, not only is security an issue but also inter-operability.
Putting IoT Security Strategy Vehicle into Action
The IoT solution providers have to involve security issues at all stages of the IoT cycle. Emphasis should be on cybersecurity. Security begins at the design stage with a special focus on threat modeling, secure component selection, component adaptability to future security measures, and finally, resilience testing. The FOTA functionality is a must for remote updates, failure patching, and data protection in case of security breaches.
The options of standalone operations in case of connectivity problems can also give greater confidence to users. The manufacturer must also educate the users for setting stronger user preferences through user configurations.
The users on their part can reduce the risk of security breaches by using strong passwords for device accounts and Wi-Fi networks, use of stronger encryption method when setting up Wi-Fi networks such as WPA2, disabling the remote access to IoT devices when not needed, and disabling features that are not currently in use like location information.
Privacy is an Essential Part of Security
Privacy issues have lately been at the forefront of the discussion on networking. IoT has the potential to provide unprecedented amounts of personal information. Such information may land in the hands of information abusers. OEMs would need to provide privacy policies on how they handle such data. They should also adopt best practices to avoid reputational damages and adherence to regulatory requirements.
IoT is here to stay. The sooner this realization comes in -the better it is for both the consumers and smart solution providers.
A robust framework is needed by the industry to ensure that consumer confidence in IoT is not hampered in any way. Rather, the focus should solely be on providing the utmost in convenience and comfort to the world.
Addressing Security Challenges in an IoT Dominated World was originally published on ReadWrite on November 11, 2020 by Anees Ahmed.