There will be over 20 billion connected devices in the world by 2020, and Cyber Insider believes manufacturers should be paying a lot more attention to their security.

We’re heading for a two-tier IoT, with manufacturers running their own networks, but what does this mean for security and product choice?

Computer Shopper

According to Gartner, the analyst firm, there will be 8.3 billion Internet of Things (IoT) devices in 2017, rapidly rising to 20.4 billion by 2020. When we think of IoT devices, our minds wander to consumer products: security cameras, alarm systems, smart lightbulbs and the like. Indeed, this area is going to be the biggest, with 5.2 billion devices connecting this year.

As big as consumer IoT devices are, that means there are three billion-odd business devices, and growing. Don’t think of this as just products installed in a corporate environment, but products used by a business.

F-Secure recently told us that it believes the future of IoT will be split down the middle, with many products likely to have an internet connection solely for the manufacturer’s purposes. For example, a washing machine may have a small microphone inside, transmitting data back to the manufacturer. Should any strange noises be detected, you could be contacted about needing a repair, pre-emptively fixing issues before they become a major (and expensive) issue. Data is also extremely valuable, and by monitoring their products, manufacturers may be able to develop better ones or tweak features based on how people actually use a product.


There are other benefits, too. By being able to send firmware updates, manufacturers could improve products, or set them to detect problems. A recent example is a pacemaker manufacturer who discovered a flaw that could cause some models to stop working. Rather than having to perform invasive surgery on every person fitted with a potentially damaging pacemaker, the decision was taken to perform a firmware update instead. Should the error conditions be detected, the pacemaker would emit a beeping sound letting the owner know that they’d need a replacement before the unit stopped working.

This type of update could easily be expanded to other products. Given the recent Grenfell Tower disaster, which was started by a faulty fridge, imagine a world where a firmware update could have been applied to watch for problems and either send a warning or, even better, shut down the unit automatically.

From a manufacturer’s perspective, these features are only useful if your device is connected to the internet. Relying on consumers to do the job for them via Wi-Fi won’t work. It’s simply too much hassle for consumers, with too little perceivable benefit. Instead, we’re likely to move to a situation where IoT devices have integrated mobile, talking via 5G (or other protocols) automatically to the manufacturer’s servers.


This introduces a new security dynamic and some other issues. If your IoT device was hacked, it would have no impact on your own home network and present no security implications for your data, but there are other risks.

It’s possible that a tumble dryer could be hacked, turning on its heating element permanently, and causing damage or even a fire. Then there’s the possibility, according to F-Secure’s Sean Sullivan, that a manufacturer would get its back-end systems attacked, with the hackers threatening to brick all connected devices unless a ransom was paid. That would be a nightmare situation for all involved – imagine paying for a fridge only for it to turn itself off because of a cyber attack.

Clearly, the IoT opens up lots of exciting new possibilities, but it also opens up a new world of uncertainty. If your manufacturer was hacked and your fridge shuts down, does the warranty cover it? If your washing machine takes part in a denial of service attack, is it your responsibility? Should manufacturers even have the option to hook up your devices to the internet in the first place?


In my opinion, the benefits that IoT can offer are outstanding, but we need manufacturers to take security seriously from day one. In the cases I’m talking about, you won’t have any control over security, so everything falls outside your power. That means when we buy products in future, we’ll no longer be just concerned with price and reliability, we’ll also want a secure device, too.

In turn, this means that governments need to take security seriously and push firms to manufacture products that meet certain guidelines. After all, electrical products have to have the CE sticker on them that proves they’re electrically safe, so why not have a similar independent rating scheme for internet security? For too long manufacturers, particularly the ones of cheaper goods, have sacrificed security to keep the price down, but that’s an impossible situation to maintain.

We’ll also need legislation to sit behind all these products so that a product that breaks due to a cyber attack is covered by some kind of extended warranty. It’s similar to how manufacturers have to perform a security recall, regardless of age, should a serious fault be detected.

If we get things right now and work with governments and manufacturers, then we can start to reap the benefits of the IoT at all levels in safety.
