Home Secure Home. In today’s automated world, ensuring that our electronic lives and data are secure is part of everyday life. We don’t think twice about entering passwords to access social media sites or enrolling our biometric signatures to access our mobile devices. When it comes to home automation and Internet of Things (IoT), security also comes to mind quickly – especially when we think about automated door locks or cameras and security systems. We expect these systems to be secure and to help ensure our families and most precious possessions are kept safe.
As the IoT continues to encroach into our daily lives and more mundane objects become aware and connected, we begin to see even more dramatically how important security is. Many will remember the article from Wired last year where White Hat hackers were able to remotely stop a Jeep while it was driving on the highway. There was also a Forbes article from a few years ago when hackers were able to remotely take control of a toilet – funny until you consider yourself on the receiving end of the joke.
Security has always been an important topic but as the risks escalate beyond the virtual and increasingly into the physical realm with billions of interconnected devices – Gartner predicts that there will be 6.4 billion connected devices in use world wide this year alone – the issue becomes increasingly real.
A recent article by Earlence Fernandes, a PhD student studying Systems and Security at the University of Michigan, published in The Conversation provides and interesting and detailed look at the impact of integrating a vulnerable device into a coordinated system. He and his collaborators examine Samsung’s SmartThings platform and found two major categories of weaknesses: excessive privileges and insecure messaging. Specifically they found that over half of the applications they studied in detail provided access to more functions than they needed to perform the functions they were designed for. This type of vulnerability is probably something that the folks in Daegu, South Korea should be considering as Samsung partners to roll out the world’s first dedicated, nation-wide, commercial IoT Low Power Wide Area Network (LoRaWAN) in their city!
I would not be surprised to learn that other IoT platforms had the same or similar vulnerabilities. Security will always be a challenge for any complex technical system. The IoT is the largest and most complex system of connected devices and unsurprisingly poses some of the biggest and most complex security concerns. It is good to see people like Earlence, organizations like ICSA, and security companies focusing on these issues.
Do you think it is enough? We look forward hearing your comments!