Improved Security For The Internet-of-Things

We’ve all heard that the internet of things is inherently insecure and that the personal data these devices handle could end up in the hands of wrongdoers. One could assume some security measures could be set in place to prevent that from happening.

While that is true to some extent, security researchers have found several common vulnerabilities in IoT devices that traditional “smart devices,” such as laptops or smartphones, would never have got away with. Connectivity between IoT devices is often exploited, especially when it involves in-transit data encryption, default (or lacking) authentication credentials, or vulnerable communication protocols.

Updates and Patches?

Besides hard-coded passwords and open remote connection ports, some smart devices can be difficult for non-tech-savvy users to patch. For instance, some smart thermostats may require users to manually download updates onto removable drives, mount them, and then apply the necessary updates manually.

While this resembles something from the early ’90s, some IoT devices were not designed to support over-the-air updates and security patches, potentially exposing users to security risks during the entire lifetime of the product. Not only do smart devices need a way of informing customers of security updates available to install, but those updates must also be deployed in a regular and timely manner.

Updates and patches are usually deployed whenever vulnerabilities are reported by security researchers, but either fixes don’t always make it to products that have already hit the market or users are not notified of their existence.

What should be done?

Following best practices already established in the industry in recent decades, any IoT device that hits the market should support a software update mechanism and enforce basic security. We’ve been educated to use strong passwords and encryption on our PCs and mobile devices for years, but we haven’t been educated to apply the same scrutiny to IoT devices as well.

While users share some of the blame for the security of smart devices, as they’re usually more plug-and-play and not security-driven, vendors are also at fault. Whenever we buy a new smartphone or laptop, our first thought is to install some sort of security solution and make sure we protect it with a strong password. At least the latter should apply to IoT devices, as most don’t usually allow security software to be installed.

IoT vendors should also be more focused on implementing security from the drawing board to make sure software updates and fixes can be distributed. The same way every piece of software on our PCs and smartphones is updatable, IoT devices should also exhibit the same behavior.

Integrated Home Network Security for IoT

One way of approaching the problem of securing IoT devices is to work at the gateway level and simply plug in a device next to your home router that’s able to quickly and seamlessly identify all household smart devices and protect them from outside attacks.

While this seems like a futuristic scenario, the Bitdefender Box enables users to not only manage all network-connected smart devices, but also lets them know whenever some of them are vulnerable. Providing a user-friendly mobile interface, Bitdefender Box also offers reports on attackers’ malicious attempts to take control of your IoT devices.

IoT security should also be about making informed decisions on how your smart devices should behave and who they’re allowed to “talk” to. Finding out that your IP camera is quietly broadcasting images to an unknown IP address could save your privacy. That’s when an integrated home network security solution for IoT comes in, protecting both your personal data and your privacy.
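The check described above, deciding who each device may talk to and noticing when a camera sends data somewhere unexpected, can be sketched as a per-device egress allowlist applied to flow records at the gateway. This is an added example, not code from the article or from any product it mentions; the device names, policy, addresses (documentation ranges) and flow records are all constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed policy (assumption): destinations each device is approved to reach.
ALLOWED = {
    "ip-camera": ["192.168.1.0/24", "203.0.113.10/32"],   # LAN + vendor cloud
    "thermostat": ["192.168.1.0/24", "198.51.100.0/28"],
}

# Constructed flow records as a gateway might log them:
# (device name, destination IP, bytes sent).
FLOWS = [
    ("ip-camera", "192.168.1.20", 4_000),
    ("ip-camera", "203.0.113.10", 120_000),
    ("ip-camera", "198.51.100.77", 950_000),    # not in the camera's policy
    ("ip-camera", "198.51.100.77", 1_050_000),
    ("thermostat", "198.51.100.5", 2_000),
    ("doorbell", "192.168.1.1", 300),           # device with no policy at all
    ("ip-camera", "not-an-ip", 10),             # malformed record
]


def unexpected_egress(flows, allowed):
    """Return (device, destination, total_bytes) for traffic outside policy,
    largest talkers first. Devices without a policy are default-deny."""
    nets = {dev: [ipaddress.ip_network(c) for c in cidrs]
            for dev, cidrs in allowed.items()}
    totals = defaultdict(int)
    for device, dst, sent in flows:
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            # Surface unparseable destinations instead of silently dropping them.
            totals[(device, dst)] += sent
            continue
        if not any(addr in net for net in nets.get(device, [])):
            totals[(device, dst)] += sent
    return sorted(((d, ip, b) for (d, ip), b in totals.items()),
                  key=lambda row: -row[2])


if __name__ == "__main__":
    for device, dst, total in unexpected_egress(FLOWS, ALLOWED):
        print(f"ALERT {device} -> {dst}: {total} bytes outside policy")
```

Aggregating bytes per destination puts a camera streaming video to an unapproved address at the top of the report, ahead of small one-off connections.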

MacWorld
