Device security must be at the heart of Internet of Things development

'It is critical that businesses integrate security early in the evolution of the process'

The Internet of Things refers to the expanding network of interconnected, internet-enabled devices. Driven by miniaturisation, the affordability of components such as cheap Bluetooth sensors, and the growing ubiquity of technologies such as Wi-Fi, it is now possible to connect devices in a way that would never have previously been thought possible.

This means that controllers for central heating, lighting, a variety of household appliances from the fridge to your home security system, your satellite TV box, desktop, laptop, mobile and tablet have the potential to be talking to each other, communicate to a variety of third parties and be controlled from a centralised device. This level of connectivity offers a plethora of opportunities to propel us to a more sustainable, energy efficient society as greater control, analysis and insight is presented to consumers and businesses.

>See also: Next big thing: Preparing for the Internet of Things in the enterprise

It’s an opportunity that some of the biggest names in technology have already jumped upon. Apple recently introduced Homekit, a platform that will co-ordinate various third-party home automation accessories, allowing users to unlock doors or turn on and off lights via an iPhone.

Google, too, demonstrated its interest by paying £1.9 billion earlier this year to buy Nest Labs. Already well known for its connected thermostats and smoke detectors, Nest is currently investigating a slew of other applications related to the home – everything from health tracking to security systems.

A window of opportunity for criminals

This is great, in theory, but it should come with a caveat: the more devices that become internet enabled and the higher the level of connectivity between those devices, the greater the opportunity is for hackers to cause damage and disruption.

If people simply start connecting an increasing number of devices to the internet without truly considering security implications, they could hand hackers the opportunity to cut their electricity, flood their homes and pry deeper into their private lives.

Indeed, the first reported attack has already been witnessed, which exploited both ’smart’ household devices and conventional computers. Late last year more than 100,000 consumer devices, including an internet-connected refrigerator, smart TVs and multimedia hubs, were exploited to send more than 750,000 spam and phishing emails.

The majority of the devices used in the attack were not infected by malware, but were simply left open so that attackers were able to use their IP capabilities to relay spam and infected emails. But this incident highlights just how resourceful attackers have become in using unconventional, but effective, attack vectors.

Now that attacks against these smart devices have begun, they will only escalate and securing this explosion in device numbers will be critical. It goes without saying that if an increased threat level is posed by the Internet of Things, a wider spectrum of manufacturers are going to have to consider providing a product that both connects and is robustly secure.

>See also: Securing the Internet of Things: is the web already breaking up?

However, this will not be straight forward due to the limited processing capability and on board memory that many newly connected devices will have.

This severely limits the scope for conventional security such as data encryption, leaving newly connected devices in the security dark ages. For instance, as things stand, security will rely upon users changing passwords and other settings away from defaults, and ensuring the devices are not left open – in the same way that people are recommended to protect their home WiFi networks.

Given the increased stakes, relying on such primitive security is likely to be futile in the battle against cybercrime. A new generation of security will be required to protect connected lives, and manufacturers will be tasked with adopting a new generation of protection: embedded security.

Embedded security is the concept of reducing the data footprint of more robust security technology, enabling them to be embedded into the appliance without any impact on processing speed.

This would facilitate the installation of network-based firewalling, web filtering, application control and encryption capabilities within a very small storage and memory usage footprint, enabling secure networking for a wide variety of devices. The upshot of this would be a range of devices operating on distributed but secure environments.

This kind of advanced security technology will enable IT and communication equipment manufacturers to achieve competitive advantage, differentiation and higher margins for their products by embedding security into IP-enabled equipment such as routers, switches, access points, electricity meters, household appliances and vehicles – in fact, into any device that connects to the internet.

Clavister’s advanced solution is an excellent example as it enables vendors to utilise existing spare computing power in devices to apply comprehensive network security, using the minimum of extra processing power and capacity.

>See also: IoT will become the Army of Things in fight against cybercrime

The possibility that devices in our homes will become increasingly connected and entangled may seem farfetched and the prospect of a criminal using nothing more than a computer to flood a home an idea from science fiction.

As outlandish as the concept of the Internet of Things may sound, it is inevitably going to come – as is the increased threat from hackers.

It is therefore critical that businesses integrate security early in the evolution of the process, to ensure maximum protection against interception, tampering and attacks. Failure to do so might just be catastrophic.

Sourced from Jim Carlsson, CEO, Clavister

This article is tagged with: