In the race to gain market share by offering consumers the lowest prices for the connected devices they want and need, some important boxes are being hastily checked—or not checked at all. Security isn’t something that makes a device look sexier; it doesn’t necessarily improve the user experience, and it doesn’t drive costs down. However, security is something that more connected-device manufacturers and platform providers must start prioritizing. If they don’t, it will create problems down the road.
Pepper IoT, an IoT (Internet of Things) platform and service provider, and Dark Cubed, a cybersecurity solution provider for small and midsized companies, recently partnered to raise industry and consumer awareness about security and privacy vulnerabilities in connected devices currently available at major U.S. retailers. The companies’ first initiative was to release the State of IoT Security Report, in which experts tested and analyzed security and data communications for a cross section of consumer IoT devices.
In the report, the researchers determined several of the devices tested were “painfully insecure.” Issues stemmed not only from a lack of device security but also from insufficient security on the platform level. The team also reports that a few of the smartphone applications designed to control the tested connected devices had intrusive access to users’ personal data. Other key findings include the fact that using cloud infrastructure did not mitigate security threats and that patching can’t fix the types of systemic problems uncovered in this particular investigation.
The takeaway from the Pepper IoT and Dark Cubed security report is this: Security must be a priority, and for too many manufacturers and retailers, it’s currently not. The IoT market is growing exponentially, and many established and startup companies are in a hurry to stake their claim in the space, but this is no excuse for letting security best practices slip through the cracks. In fact, Pepper IoT’s CEO, Scott Ford, likens selling unsecure connected devices to selling unsafe toys or tainted produce. At some point in the future, selling a device without thoroughly vetted security will be just as frowned upon.
To get devices up to snuff in terms of security, the entire IoT communications stack must be in on it—from device firmware to data encryption, the communications infrastructure, smartphone applications, and the platforms that store consumer data. Additionally, the State of IoT Security Report suggests the current lack of visibility into connected-device privacy and security is nothing short of dangerous. If consumers don’t have an easy way to determine whether or not a device and/or communications platform is safe, how can they make an informed decision?
Turning a blind eye to connected-device security is the wrong move. Even if, in the short term, disregarding certain security and privacy precautions benefits a business, it won’t benefit the business in the long term. The industry must work together to start infusing security into the IoT stack now, rather than waiting for a cataclysmic security or privacy-related event to prompt necessary changes. Regulation may also play a role going forward, as several pieces of IoT security and privacy legislation in the U.S. are currently working their way through the system, which could start encouraging more visibility and accountability.