prpl Matters - Home
Coping with the Internet of Unnecessary Things
FEB 21, 2017 21:19 PM
A+ A A-

Coping with the Internet of Unnecessary Things

By Art Swift

It’s taken a while, but the Internet of Things (IoT) is finally mainstream.  From smart homes with heating, entertainment and security systems to connected street lights and smart cities, the infrastructure has now been put in place to support a connected world.  As such, we will see more and more applications spiral off of it.

Innovators everywhere are keen to take advantage, even when it comes to largely unnecessary things such as the connected toothbrush, kettle or refrigerator. Whether it is viewed as a fad or as a genuine benefit to the user, connectivity is woven into the fabric of our lives and so it will have a big impact on society for years to come.

The world had a rather significant security scare with the DDoS attack on DYN last year as a result of the largest IoT botnet on record, Mirai.  The chaos that low power, low cost IoT devices were able to create once infected with Mirai malware was a huge wake up call to the industry, consumers and governments alike.  The Department of Homeland Security (DHS) even issued some security guidance in response to the attacks, calling for industry to up its security game.

The question of responsibility

Responsibility undoubtedly comes up in most conversations about IoT security.  The fact is users, vendors, service providers and operators and regulators all have a part to play. Users can first and foremost realise that their new gadgets are not secure and likely riddled with vulnerabilities and if this concerns them, check Google for any updates and take control of their home networks by making sure there are no ports open unnecessarily.  In fact, prpl has discovered that consumers prefer security to usability, and they’re prepared to take more responsibility if it means living in a safer home and so compiled a full list of advice for consumers keen to take control of the security of their smart homes:

Top tips for better smart home security
❶ Regularly check router firmware updates
❷ Change default admin password on router
❸ Configure firewall policies – close all ports
❹ Enable MAC filtering
❺ Use guest network for guest devices
❻ Use guest network for all home devices
❼ Enable wireless isolation
❽ Disable DNS setting via DHCP
❾ Disable USB file sharing
❿ Disable UPnP

However, the responsibility of consumers can only go so far, therefore vendors need to operate under the assumption that users won’t do any of this and make sure their devices are updateable to take into account any security threats and take the burden off of the consumer.

As an extension of this, I expect we’ll also see service providers and operators included in these conversations about security, particularly where a connected device is dependent on a cloud or other service in order to fully function.

When it comes to the government, initiatives such as the aforementioned guidelines suggested by the DHS for are not new to those in the security industry, but they are certainly agreed upon principles that will make a good baseline for what manufacturers and developers should be doing. It often takes governments a little while to catch up with what experts have been saying for years, so it is encouraging that it seems to be sinking in now.

There is even some call within the tech realm for the IoT to be regulated by an industry body that ensures a minimum baseline for security hygiene and can give users more information about the security of a product, similar to food labels in certain countries that provide transparent information about the food they are about to consume. In fact, during a recent Infosecurity webinar, the 100+ audience was polled and 52% thought this was a viable means to dealing with IoT security.

Moving forward

As with any new technology humans come to rely on, there will be many questions that need answering in the very near future in order to keep connectivity from endangering the population. 

The industry at large must drive certain decisions to ensure that innovation doesn’t suffer at the hands of politicians keen to make their move on the space with little technology literacy.  Industry needs to get in front of the problem and face it head on to ensure visibility and transparency are key values in shaping any regulation, rather than control and locking things down. 

Whether it is through self-regulation and subscribing to a minimum baseline of security hygiene or using best practice guidelines, such as those set out in the prpl Security Guidance for Critical Areas of Embedded Computing, we need have these tough discussions now in order to secure the future.




[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:

Computing Now Blogs
Business Intelligence
by Keith Peterson
Cloud Computing
A Cloud Blog: by Irena Bojanova
The Clear Cloud: by STC Cloud Computing
Computing Careers: by Lori Cameron
Display Technologies
Enterprise Solutions
Enterprise Thinking: by Josh Greenbaum
Healthcare Technologies
The Doctor Is In: Dr. Keith W. Vrbicky
Heterogeneous Systems
Hot Topics
NealNotes: by Neal Leavitt
Industry Trends
The Robotics Report: by Jeff Debrosse
Internet Of Things
Sensing IoT: by Irena Bojanova