THE RACE IS ON
Is the Internet of Things growing too fast and, in the process,
undermining attempts to make it more secure? By Neil Tyler
Whether it’s reports on
multiple glitches in smart
home technology, smart light
bulbs being hacked to obtain Wi-Fi
credentials or hackers taking control
of apps and obtaining location and
personal details, is the Internet of
Things simply growing too quickly? Is
that explosive growth leaving users
vulnerable to hackers?
According to Matt Walmsley, Head
of EMEA Marketing at Vectra AI, “The
exponential growth we are seeing
in terms of the IoT - whether in the
consumer or industrial space - simply
means that the available attack
surface is growing.
“Design engineers have to ensure
that devices are accessible from a
network or are capable of connecting
to the Internet, and that brings with it
a host of security risks,” he warns.
For many manufacturers the IoT,
while certainly bene cial, has been
a source of disruption and the headspinning
pace of change has proved a
challenge. Companies, however, have
no choice but to embrace the IoT and
as such can’t ignore security.
According to Rusty Carter VP at
Arxan, a specialist in application
security, “The security challenge is
growing. Gaming and digital media,
for example, have frequently been
targeted by criminals and now
those attackers are moving against
‘connected’ things in both the
consumer and industrial space.”
Despite the associated risks design
engineers, in terms of both hardware
and software, tend to be focused on
delivering business functionality.
“Their expertise and sense of
urgency is about delivering business
value. Software and hardware are, by
their very nature, going to be imperfect
and even the best coded applications
can fall victim to reverse engineering,
which can lead to additional
weaknesses being identi ed,” says
Carter.
The ability to steal or even replace
code, means that an application can
end up doing something that it was
never intended to do.
Walmsley makes the point that
the speed of innovation is certainly
increasing levels of risk.
“Some companies are putting the
onus on the user and while consumers
should be made aware of security
issues, companies shouldn’t expect
the consumer to have to actively
engage in security hygiene.
“While consumers should
be encouraged to change their
passwords, designs should have
the ability to automatically update
software when problems are found, as
well as the ability to roll out patches
quickly.”
Carter makes the points that the
nature of attacks are changing and
becoming far more subtle.
“A number of routes are open to
the attacker. The advanced persistent
threat will see the hacker make their
way into a network, where they will
establish a presence on a server and
then use it to issue commands and
take control. They have already passed
through the network’s defences and
it’s now just a matter of time as to
how much data they are able to take.
“The key
challenge for
providers is
to start to see
security as a
fundamental
aspect of their
business.”
Rusty Carter
26 10 September 2019 www.newelectronics.co.uk
beebright/stock.adobe.com
/www.newelectronics.co.uk
/stock.adobe.com