THE INTERNET OF THINGS (IoT) could put lives at risk if firms don't move quickly to address security concerns.
So says a panel of industry and academic experts speaking at Infosecurity Europe in London, who noted that connected devices can pose a real danger to humans if they are hacked.
"I think the main points of security in the IoT context is in terms of protecting us from the physical harm that results from cyber threats to our [connected] systems," said Professor Chris Hankin, director at the Institute for Security Science and Technology at University College London.
James Lyne, global head of security research at Sophos, agreed, adding that the need for IoT security is by no means overhyped.
"You look at a lot of this devices, a lot of them right now they are toys or bizarre crap that I don’t know why anybody would want it. And people are like: ‘why are you bothering to hack that; it’s junk’," he said.
"There been this huge discussion in the industry about junk hacking and stunt hacking and the reason for me is this: these devices are changing, being added to, evolving at an insane pace.
"It only takes one of those devices two, months, six months, twelve months from now to find a major place in our homes or our work where all of a sudden the crap becomes something we care about.
"So we have a whole industry that is being ignored by the virtue of unimportance, but all of a sudden may find itself extremely [open] to attacks.
"Wouldn’t you rather learn lessons about how to secure an industry whilst it’s still a toy rather than fighting regard action?" he asked rhetorically.
Ian Smith, IoT security lead at the GSMA, also championed the need to address IoT security with physical dangers in mind, but noted that doing so is not just safe but a good business practice.
"If you get security right you could potentially launch product or services ot be the next success story. But get security wrong and you’re potentially gone a few days later,” he said.
However, there are several challenges to be addressed, notably the need to secure devices that can be expected to be in place for a long time, such as connected sensor networks, and putting in robust security on very small devices that lack the real estate to effectively do so.
Hankin suggested that security is carried out at a systems level where all the IoT devices feed into so that the services that are delivered to the user protects even if individual components do not.
This discussion comes just a week after security outfit IOActive IoT Security Survey revealed that just one in 10 IoT devices offers adequate security credentials. µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe