Security starts at home – security and the IoT

The Internet of Things has exploded on to the market and into our homes. Rob Horgan asks the Channel what security risks arise from the rapid desire to be more connected and what solutions are being offered.

The fear of hackers accessing our personal data has never been so prevalent. High-profile data leaks, numerous TV programmes (think Mr Robot or Black Mirror) and an abundance of C-list celebrities’ nude selfies doing the rounds on Twitter have only fuelled the legitimate fire of internet security concern. In fact, a recent report by Gigya found that as many as two-thirds of UK consumers are worried about the security of connected devices.

However, despite the genuine desire to keep hackers at bay, most people usually only think about propping up their PC and laptop defences. But with all manner of new technologies being rolled out with smart capacities, the hacker’s way into the home has become multifaceted. Be it smart TVs, cameras, printers, or even boilers and kitchen appliances, if it is hooked up to the internet and not properly secured from the point of installation, then a hacker can use it as a key into a consumer’s private data.

Ian Marsden, CTO at Eseye, believes that the ‘cyber threat has never been greater’ than right now. “The simple fact is that more ‘things’ are now connected to the internet than ever before. The continuing spate of attacks have therefore shone a bright spotlight on IoT security – highlighting it to be both weak and ineffective. It’s an issue which the industry has taken seriously for some time, but a sharp rise in both incidents and media headlines will naturally propel the problem up the chain.”

He added: “The crux of the problem stems from the physical time and associated cost involved in IoT deployments around the secure provisioning of devices, and how we get a device onto the network. This has historically been a daunting task, often to the point of impossible.

“In an industry which is at the forefront of innovation, the inability to defend against security threats simply cannot be allowed to hold back the potential benefits which could be yielded from the development of creative IoT products and services.”

The varied nature of devices that are connected to the network poses a real security threat if not addressed properly. A large part of the problem stems from the fact that a large number of smart (or connected) products aimed at the general public lack any kind of sufficient built-in protection. Many connected devices arrived quickly to market without meeting a rising demand for security features such as encryption or even basic password settings. 

And with most users unlikely to have any technical skills or knowledge of how to buff up their own defences, this lack of security has presented a gateway for cybercriminals. 

The IoT problem is now being tackled by security experts. As Paul Harman, director at Westcoast Solutions, explained: “The security risk the IoT creates through vulnerability in many of these low-cost connected devices creates huge upside for the Channel to sell services and solutions in this space.”

Principal security researcher at Kaspersky Lab David Emm believes that both consumers and manufacturers need to be aware of security threats to IoT products in order to tackle the problem.

“Unfortunately, if smart devices aren’t secure, cybercriminals can take control of them,” Emm said. “Until recently, this seemed like the stuff of sci-fi movies. There are some basic practices that should be followed by everyone, from individual consumers to the largest global enterprises. These include: using strong passwords, regularly checking for and installing software updates, and implementing appropriate security software.

“There is also a role for the manufacturers of connected products and the security industry. We need to work together to ensure that strong protection and patch management is designed-in from the very start. Once a product is on the market, it is already too late.” 

He added: “There’s also a role for governments, in developing security standards for IoT devices. We’ve all come to expect that everyday objects – children’s toys to furniture – come with certification marks indicating that they are physically safe. In future, this will have to extend to digital objects and IoT products also.”

Consumer security company BullGuard is one such firm working to secure IoT devices within the home market in particular. CEO Paul Lipman said that it is ‘focused on protecting the smart home’ from malicious hackers. He said: “We are set to launch in the US Dojo by BullGuard very soon, followed up by a release in Europe which will revolutionise the market.

“When it comes to IoT, consumers absolutely need protection given the parlous state of device security. But it is not just device security that is a concern, privacy is also a major issue for consumers. Hackers can run a rail road through privacy in the home and some device manufacturers also think it’s OK to cull all sorts of private data without user consent.” 

Lino Notaro, retailer sales director at TP-Link UK, also sees the rise in IoT breaches as an opportunity to create better security packages for consumers to feel more comfortable with connected home devices. However, instead of securing each device with personal security settings, TP-Link is working on securing the network as a whole to prevent attacks. 

“Connectivity isn’t new but IoT devices are,” Notaro said. “This presents new opportunities for hackers and there is currently no security software available on the market for your household devices. One alternative is to put the security onto your router. The TP-Link’s mesh router, Deco M5, launching in the UK in June, has a feature called HomeCare. 

“This is built-in anti-virus protection from Trend Micro which means that within minutes of going live malicious URLs are blocked from entering your home. In other words, you no longer need to purchase separate AV solutions for each of the devices in your home, the router blocks threats at your front door. As homeowners buy and install more and more smart devices, we expect to see a lot of demand for a single router to streamline what can be a complex network.”

Notaro also believes an IoT standards committee should be put in place to ensure unsafe products are not rushed to market. “IoT encompasses so many devices and the industry has yet to ‘settle’ on one IoT standard,” he said. 

Whichever way you look at it and whoever you talk to, the growing IoT market is most certainly going to lend itself to the need for greater online security. As consumers continue to connect their toasters and dishwashers to their iPads and iPhones, it will be up to the security firms to keep up with growing innovation. Security companies could perhaps benefit the most from the IoT revolution, with millions – if not billions – to be made over the next five to 10 years. 
