Skip to main content

The Internet of Things (IoT)

Posted by Julia

In the News

Adding network connectivity to existing product types is an increasingly popular way to incorporate more technology and greater convenience into a familiar world. From temperature control systems to cars to watches to refrigerators, it seems that everything is becoming remotely accessible or operable by mobile phone, a part of the Internet of Things (IoT). But as Natasha Lomas points out in Call to ban sale of IoT toys with proven security flaws, despite the positives of tech in more and more products, attaching certain products to a network can ultimately introduce some pretty alarming possibilities into our homes–including the ability of strangers to talk to children through their toys.

Our Take

Your friendly neighborhood security team never thought we’d have to tell you,“Don’t forget to patch your Furby.” Any IT professional is excited about the ways that technology can enhance the day-to-day lives of average people, but it often seems that, during the production and development of IoT devices, security is an afterthought if it is ever a thought at all. “Smart” products may be more marketable and innovative, but time-to-market should not be a more important driver for companies than security, as this leaves many products vulnerable to misuse by malicious or mischievous outsiders.

IoT failings include:

  • Lack of updates released by companies for existing products
  • Lack of secure authentication measures for configuring products
  • Insufficient controls around the data which products collect from the surrounding environment
  • Insufficient monitoring or alerting capabilities that detect when a device is behaving unusually or may be compromised

Recommendations

If you purchase an IoT device, always make sure to:

  • Do research ahead of time to understand what the product is capable of and what tech reviews say about its security
  • Change any and all default passwords, making them strong and unique
  • Disable services or network connections that aren’t essential in order to reduce attack vectors and vulnerabilities
  • Make sure that the network you are placing the device on is secured with strong passwords