Nowadays everybody is talking about Internet of Things (IoT), but not many are talking about its security. Suppose, your friend told you that hackers will use your air conditioner (AC) to hack your Facebook password. It may sound very funny to most people. But in reality where IoT devices are continuously increasing and they are really sharing their information to each other including social media with authentication, it could be a common breaching scenario. It is high time to be concerned about the IoT security, especially for the device manufacturers, developers, service providers and network operators.
All of us have some idea what IoT is. It refers to machines talking to each other, known as device to device communications. Fifteen years back we were only concerned about protecting our PC and about ten years ago we started to think about protecting our smartphone, tabs etc. Now we have to think about the security of the smart watch and wearables, thermostats, cars, lights, refrigerators, home appliances. It is estimated that within 2020, the number of connected devices will exceed 40 billion. These devices are very attractive to the hackers. For example, the baby monitor devices can be hacked. If they hack the connected car, they will be able to break the car in the middle of the road or will be able to open the door locks or control the speed of the car according to their wish. Even in the least radical scenario hackers can hack personal medical data or bank information from wearables.
At present we have observed that both manufacturers and the users are careless about their IoT devices. Device manufactures are in the race of releasing new devices or new version of the devices and they rarely provide the firmware updates for old devices. So, initially the device might be secured but later hackers found the loopholes and manufactures are not interested to update the old device, thus the door remains open to the hackers. On the other hand users are also careless, often to the point that they are too lazy to change the default password or upgrade the firmware or the OS of the devices. On PCs, smartphones or tables updates are happening automatically, but for the IoT it is still quite challenging.
A recent report from HP shows that 70% IoT devices are vulnerable to attack. We have to think about the security from the day one. We have to predict the lifecycle; also have to provide time to time security updates. Authentication system must be improved without compromising the user experience. IoT networks should be secured from the device to the back end system on internet including end point features such as antivirus and antimalware. Another most important concern is data encryption. Data should be encrypted with standard cryptographic algorithm throughout the networks.
There is no doubt that IoT is the future of IT, but the security risk of these IoT devices can’t be ignored. It is high time to think about the IoT security to make our future life secured and hassle free.