Do we need an IoT 2.0? asks Ken Munro, partner at Pen Test Partners. Being brave enough to take a new approach to an old problem is how technology gets adopted. It’s how pioneers from Steve Jobs to Elon Musk have revolutionised industries.
Right now, I believe we need a similar shake-up in the IoT. Manufacturers are following the path of least resistance to grab market share, but vulnerabilities then surface that compromise the integrity of the product and the market as a whole, stymying adoption. But what if there were a way to reinvent the IoT?
The biggest problem with the Internet of Things is, well, the Internet. It’s a public highway and that makes any device connecting over it susceptible to attack, even more so when you consider that hackers can purchase and reverse engineer IoT devices making it even easier to then hijack others already deployed. This is particularly noticeable in the consumer space where IoT devices can expose home networks and the user’s data.
Many consumer devices use the Wi-Fi network to connect to the Internet and this creates numerous issues. Unconfigured, the device will often act as an access point with a default PSK, making it an easy target. Configuration is often difficult and the device may malfunction during set-up. Even if you do succeed, some devices will open up ports on the home firewall with the consumer none the wiser which as we have seen can lead to the creation of super botnets. Plus if the user changes their ISP or router it can be troublesome to reconfigure the device.
If it were possible to remove the internet from the equation, many of these problems would resolve themselves. The problems of malware, ransomware and botnets used for DDoS attacks would be mitigated. There would be no risk to personal data, no opportunity for device aggregation, and no risk of rogue firmware updates. The user would be able to enjoy a seamless experience with security layered in by default. Conceivably we’d have a user utopia.
So, what’s standing in the way? Why are we so hooked on Wi-Fi? The primary reasons are of course cost and bandwidth. The cost to the manufacturer from piggybacking off the user’s broadband connection is zero and it costs the consumer nothing extra, keeping product price points low. Using an alternative network is bound to incur some additional expense and then there’s the prospect of contracts to govern data transport costs, both of which are distinctly unpalatable to the vendor.
But think of the advantages. Near zero configuration, association with an established user account helping authentication, no risk of attack, and the bonus of client segregation so that in the event of compromise, the risk to the user are minimised. This isn’t the stuff of Science Fiction; it’s achievable today using mobile data networks.
Telematics units in connected vehicles have been using these networks for some time to relay data securely so why can’t the IoT? Yes, there is a cost for the embedded SIM and airtime, but […]
Read more here:: www.m2mnow.biz/feed/Posted on: February 9, 2018