SECURING THE THINGS
IoT is no longer a buzzword and these devices need protection.
By Elliot Mulley-Goodbarne
With the IoT industry calling for common standards and infrastructure, it’s fair to say that the industry is very much in its infancy; certainly not mature anyway. But with uncertainty comes fragmentation and with fragmentation comes vulnerability, leading, more often than not, to headlines.
The Internet of Things has moved from a concept to a buzzword to tangible devices businesses and consumers can take advantage of. Be it cameras and sensors hooked up to AI computing to work out footfall in public spaces, or a range of Narrowband IoT devices such as cameras, trackers and sensors for consumers and enterprise – the trend is only going up.
Now that 5G has been added to the mix of connection protocols that include Wi-Fi, Bluetooth, 4G and Zigbee to activate these devices, the attack verticals for ‘hackers’ have also grown.
“Security often is an afterthought and sometimes it’s almost as though it was never thought about at all,” said Paul Ducklin, Senior Security Advisor at Sophos. “If you take kids’ smartwatches, for example, they cost 20 bucks to buy, so you can imagine how much money is left over for security.
“But once the product is out in the market, it’s too late to add security as an afterthought and that’s a serious problem. We draw attention to this and people ask what they can do. We suggest that they should stop using it, because there’s this massive bug that means anybody can figure out where your kids are and the device doesn’t have any way of getting updated.”
“I think a lack of competence is worse than security being an afterthought,” added Bernard Parsons, CEO and Founder of Becrypt. “Many companies that are manufacturing IoT devices simply don’t have the necessary levels of competence when it comes to security.
“There’s no reason to believe that, because you’re an IoT manufacturer, you’re going to have the in-house expertise to do a good job of architecting security within your system. What is the driver for a manufacturer to go through the extra cost and time required to implement security even if they want to?
“I think this is where we have a situation which is best described as a market failure from a security perspective. There are two issues here, one is information asymmetry, where, as a buyer of IoT components, I can’t tell the difference between good and bad so it’s very difficult for me to differentiate between someone who’s investing in security and somebody who isn’t. That provides an advantage to the company that’s not investing, as they go to market quicker and they’ll be cheaper.
“The second issue is negative externalities, where the real losers in this are not the manufacturer or even the consumer; both parties could be happy because they got things cheaper because no one invests in security. But if a fridge, for example,
28 24 March 2020 www.newelectronics.co.uk