What’s being done to improve security for the Internet-of-Things?

thumbprint with binary

We’ve all heard by now that the internet of things is inherently insecure and personal data related devices handle could end up in the hands of wrongdoers. One could assume some security measures could be set in place to prevent that from happening.

While that is true to some extent, security researchers have found several common vulnerabilities in IoT devices that traditional “smart devices,” such as laptops or smart phones, would have never got away with. Connectivity between IoT devices is often exploited, especially when it involves in-transit data encryption, default (or lacking) authentication credentials, or vulnerable communication protocols.

Updates and Patches?

Besides hard-coded passwords and open remote connection ports, some smart devices can be difficult to patch by non tech savvy users. For instance, some smart thermostats may require users to manually download updates on removable drives, mount them, and then apply the necessary updates manually.

While this resembles something from the early 90’s, some IoT devices were not designed to support over-the-air updates and security patches, potentially exposing users to security risks during the entire lifetime of the product. Not only do smart devices need a way of informing customers of security updates available to install, but they also must be deployed in a regular and timely manner.

Updates and patches are usually deployed whenever vulnerabilities are reported by security researchers, but fixes either don’t always make it to products that have already hit the market or users are not notified of their existence.

What should be done?

Following best practices already established in the industry in recent decades, any IoT device that hits the market should support a software update mechanism and enforce basic security. We’ve been educated to use strong passwords and encryption on our PCs and mobile devices for years, but we haven’t been educated to apply the same scrutiny to IoT devices as well.

While users share some of the blame for the security of smart devices, as they’re usually more plug-and-play and not security-driven, vendors are also at fault. Whenever we buy a new smartphone or laptop, our first thought is to install some sort of security solution and make sure we protect it with a strong password. At least the latter should apply to IoT devices, as most don’t usually allow security software to be installed.

IoT vendors should also be more focused on implementing security from the drawing board to make sure software updates and fixes can be distributed. The same way every piece of software on our PCs and smartphones is update-able, IoT devices should also exhibit the same behavior.

Integrated Home Network Security for IoT

One way of going about the problem of security IoT devices is going at the gateway level and simply plugging in a device next to your home router that’s able to quickly and seamlessly identify all household smart devices and protect them from outside attacks.

While this seems like a futuristic scenario, the Bitdefender Box enables users to not only manage all network-connect smart devices, but also lets them know whenever some of them are vulnerable. Providing a user friendly mobile interface, Bitdefender Box also offers reports on malicious attempts of attackers trying to take control of your IoT devices.

IoT security should also be about making informed decisions on how your smart devices should behave and who they’re allowed to “talk” to. Finding out that your IP camera is quietly broadcasting images to an unknown IP address could save your privacy. That’s when an integrated home network security solution for IoT comes in, protecting both your personal data and your privacy.

Subscribe to the Best of Macworld Newsletter