Is there any IoT security?

IoT security by ENISA 2015

Since the Internet of Things (IoT) is rapidly growing to be one of the largest businesses in the ICT-world, everyone is talking about it. Even more, everyone seems to be concentrating on security and how bad it is.

I saw an extensive university study which came to conclusion that all of the tested IoT home appliances were vulnerable for cyber attacks. Well, I could saved their time, since absolutely everything connected to internet is vulnerable. Their recommendation for the situation was to use stronger passwords. True, you should always use strong passwords, but unfortunately that will not help you to secure your home or business IoT environment.

There are security vulnerabilities in home IoT-appliances and usually they are deeper and more complex than bad Wi-Fi password. In most cases, they cannot be secured by the every-day user. Bad design and structural problems causes unwanted backdoors and exposures of confidential information to the maleficent side of the internet. As an example, smart TV’s have cameras which can be accessed remotely because of a software glitch. Remote controlled light bulbs and air conditioners use proprietary wireless connection which reveals your “how ever strong it is” Wi-Fi password in plain text to public. 

So what to do then? You have couple of options. You can always use an additional security device to help you to secure your environment – just like companies do. The stuff is very new, the first shipments are just beginning at Q1 2016: F-Secure SENSE, Luma smart Wi-Fi router, Dojo ja Cujo.

Another option is to make a personal risk assessment and classify your environment and privacy. Do you have to connect the specific device to the internet? What functionality will you lose if you use it as a stand-alone device? If it needs to be connected to internet, can it be secured sufficiently? It it gets hacked, what information you reveal or loose? Does it really matter or is it very important or sensitive? Can the data be used against you or others?

Then there is one additional information important to understand. Even if the data is not important to you or the connected device is more or less harmless, it could be used to cause harm to some-one else. There are cases where captured IoT-home appliance has been used from spamming email or cause Distributed Denial of Service attacks. Regular user would not even know that this kind of illegal activity is happening.

So as always, you first need to think what you are doing and connecting to internet at your home. If you do not know, ask from a friend, or better yet, ask from a professional. If you are not able to do any of these, just do not plug it in.