Security for the Internet of Things

Monitor_(medical)We are quickly headed towards the Internet of thing where billions of devices will be connected to the Web. The biggest challenge in making this a reality is figuring out how to make the IoT secure. The world today is full of hackers. There are those that hack to find financial gain. There are cyberwars where government-sponsored hackers launch major attacks. And there are just general hackers who do it for the fun of creating mischief.

Today web security is a cat and mouse game between the hackers and security experts. Our PCs need almost daily updates to fight against newly discovered viruses which look to get around the virus checking programs.

The biggest challenge we face is that most of the devices that will be connected are not going to have large computing power like laptops and tablets. Instead we will have thermostats and smoke detectors and security cameras and medical monitors all connected to our home networks. And these devices have very rudimentary computing power, meaning that our current methods of security can’t be used to protect them.

But protect them we must because causing harm to these devices can cause real world damage. Imagine during the latest artic vortex is some hacker had turned off millions of thermostats and furnaces. This could have caused widespread problems, large dollar damages and even deaths. I don’t even want to think what might happen is somebody can hack into people’s medical devices. Perhaps murder by hacking? As we tie more and more of our daily life into devices that are connected to the web need to find solutions for protecting them.

And hackers are already starting to take notice of the weaknesses in our devices. In Brazil over 4.5 million DSL routers were hacked by people looking for credit card and banking information. There is a computer virus called DNS Changer that is attacking home routers in the US. There are already worms that are attacking things like security cameras and other embedded devices.

Security experts are working on the problem and there are several thoughts on the best way to keep our devices safe.

Safer Firmware. Most devices are operated with software called firmware. The security idea is to put this software onto a part of the chip that cannot be addressed from externally. Basically code the chip and throw away the key.

Cloud Security. Another idea is to limit each device to only being able to communicate with one source. This might be a specific cloud. This feels like a big company idea for a fix and it’s a bit scary, because if somebody can break into the cloud they have access to all of the machines that talk to it.

Government Fines. Today there is nearly zero security even considered for companies building IoT devices. They use old versions of open source Linux and out zero effort into making their devices safe. The thought is to impose big fines on manufacturers of IoT devices that get hacked as an incentive for them to do better.

We have to fix this or else there is going to be some really huge examples of hacking into devices that are going to scare the public off IoT. As we tie more and more of our life into our networks we all need to know that we are safe from being hacked by those with malicious intent.

One thought on “Security for the Internet of Things

Leave a Reply