How to make sure your IoT devices don’t become tasty bait for data trawlers. Our previous blog where we examined how the net is full of security holes, in this blog we look at possible precautions against data trawlers.
So another problem is that few of the companies making connected gadgets have much experience with cyber security—or the incentives to take it seriously.
Good security costs money, and the better it is, the less its benefits are visible to the end-user. So, no surprise then, that basic precautions against data trawlers are routinely ignored.
This is confirmed from academic analysis. A recent paper published by Stanford University analysed telemetry from 83m connected devices and found that millions used old, insecure communication protocols or weak passwords.
How to protect yourself against data trawlers?
Check out ServiceteamIT’s video on how you can protect yourself against data trawlers:
As a consequence the Industrial Internet Consortium, a trade body focused on industrial deployments of the IoT, published a guide to security written by experts from veteran firms such as Fujitsu, Kaspersky Labs and Microsoft. So why you should make security central to your value proposition?
Here big computing firms are trying to turn security into a selling point. Microsoft sees the IoT as an important market for its cloud-computing business.
So under the Azure Sphere brand it has developed a security-focused, low-power microcontroller designed to be the brains of a wide range of IoT devices.
These micro-controllers run a security-focused version of the Linux operating system and communicate through Azure’s cloud servers, which have extra security features of their own.
Also governments are getting serious about data trawlers too. In 2017 America’s Food and Drug Administration (FDA) issued its first cyber-security-related product recall. The FDA found that some wireless pacemakers were vulnerable to hacking.
Here in the UK the government is mooting similar laws to require manufacturers to provide contact details for bug-hunters. And so to spell out how long products can expect to receive security updates.
So hereas widget-makers can learn much from the computing giants, some lessons will have to flow in the other direction, too. The computing industry moves at high speed.
So smartphones, for instance, rarely receive security updates for more than five years.
This is not going to work with products like cars or factory robots, which can have much longer lifespans. But employing the programmers necessary to provide support for dozens of models for decades will be an expensive proposition.
Will the computer industry be on the hook for data trawlers and phishing?
The computer industry has long claimed being liable for holes in its code would stifle innovation.
Yet this position will become harder to defend as software spreads into the sorts of physical goods that, historically, have not been granted such legal exemptions. So what is the logical extension of that claim? Therefore if buggy software or compromised software injures someone they won’t be able to claim?
To that end imagine the patience of customer the day IoT refrigerator defrosts a chicken too quickly. Here the likely consequences are likely to be messy, dangerous and highly risky.