Feb 19, 2017—
We’ve been seeing growth in the number and scope of cyber-attacks for the past few years, but fall 2016 will be remembered for one of the largest cyber-attacks in U.S. history. The intended target of the distributed denial-of-service (DDoS) attack was bombarded by tens of millions of IP addresses from around the world, which ultimately took down internet giants like Twitter, Spotify and PayPal before the damage could be contained.
Some of the sources of the concerted DDoS attacks were smart-home devices connected to the internet. These had been remotely infected with malware, which took advantage of lax, or sometimes non-existent, security settings. One manufacturer of popular IP security cameras, sold worldwide under many brand names, was identified as a primary culprit. Tens of thousands of cameras were shipped with poorly implemented security, unfriendly password tools for users, and outdated software inclusions that left the door wide open for hackers and malicious code.
This attack was an eye-opener for the IoT development community, as well as for consumers. Multiply this one example by the tens of millions of IoT devices installed worldwide, and it’s clear how the lack of robust security for smart devices could lead to cataclysmic market problems. Porous security in the Internet of Things will do more damage than merely stopping forward-thinking industries from reaching their business potential. It will also mean constant, permanent risk of theft and malicious activity for consumers and businesses everywhere, from now on.
What Is the Security Price?
When manufacturers and developers think about smart objects, their first focus is on the abilities of these devices to perform certain tasks. Then, they also have to think about how to make the devices simple for the installer and end user to utilize. In the case of battery-operated devices, they also must devote significant commercial and technological overhead to making them as energy-efficient as possible. Once the obvious feature and benefit goals have been achieved, the product or service must then, of course, meet the prime commercial consideration: it has to make economic sense to sell, install and buy.
Achieving all these requirements while speeding products to market in a fast-moving, competitive landscape can be challenging—so much so, in fact, that the device’s security integrity is often an afterthought, despite its critical importance. Whether through device-to-device communications inside the home or data sent from the home to the cloud, the inviolability of smart devices must now become a requirement for IoT product development.
