DZone
IoT Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > IoT Zone > Is "IoT Security" a Contradiction in Terms?

Is "IoT Security" a Contradiction in Terms?

Is possible to be truly secure in the world of IoT? Read on for one opinion on the matter that highlights some interesting points, and check out the resources at the bottom to learn more.

Arthur Hicken user avatar by
Arthur Hicken
·
Jun. 28, 16 · IoT Zone · Opinion
Like (5)
Save
Tweet
3.83K Views

Join the DZone community and get the full member experience.

Join For Free

The Internet of Things (IoT) has become the internet of hacks. More and more devices are becoming internet-enabled. While this makes many aspects of our lives easier, it opens us up to a wide range of cybersecurity problems. From direct control of devices to lost of personal private data to actual control of the networks and computers in our homes and offices, the IoT is creating security risks at a faster rate than it’s fixing them.

Vendors are driven to get items to market fast in order to make money. Along the way, security is given short shrift — or, all-too-often, not even considered. After all, it’s only a light bulb... what’s the worst that could happen? The answer, of course, is a lot, and probably much more than you think.

Compounding this problem is the fact that consumers simply don’t like doing sysadmin work and maintenance on their hardware. It’s difficult enough to convince people to update their computers and mobile devices. Worse than that are things like keeping routers up-to-date. Way down everyone’s list of things to do is monitor all the smart devices in the house for CVEs (known vulnerabilities) in the national vulnerability database. Hardware manufacturers have to take this into account and put even more care into the software security for software embedded in Internet-enabled things.

Just for giggles (in a scary sort of way), here’s a brief partial list of a few devices that have known hacks available for them. If this doesn’t scare you, then you’re not thinking about it enough. You should be running screaming to empty your bank account, buy an old pre-70s car, and smash your phones, thermostats, and other electronic devices.

  • airbags
  • Fitbit health bracelet
  • Baby monitors
  • VOIP phones
  • road signs
  • printers
  • cctv cameras
  • pacemakers
  • kettles
  • ATM
  • USB
  • USB-C port
  • gas station tank gauges
  • cars
  • Blu-Ray discs
  • light bulbs
  • smartwatches
  • CD players
  • electricity smart meters
  • thermostats
  • SD cards
  • mag stripe readers

Again, this list is only a (very) small subset of things that not only can be hacked but already have been hacked. The scary thing is that many of these aren’t just access to the device itself or even data from the device (which is already a huge privacy issue), but are gateways to attack other pieces of your network. Read more about the lightbulb and blu-ray hacks above.

Now the answer to all this isn’t easy, but I’m hoping that at least you’ll spend more time thinking about it than you have.

IoT Hall of Shame

I recently created a list of known hacks for “things” – you can view it at the IoT Hall-of-Shame.

FedScoop Podcast

FedScoop's Kevin Greene and I recently chatted about challenges in securing the Internet of Things, and best practices for installing and deploying IoT devices.

IoT Security Resources

  • Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development
  • Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine
  • Software Test Attacks to Break Mobile and Embedded Devices (Chapman & Hall/CRC Innovations in Software Engineering and Software Development Series)
  • Embedded Security in Cars: Securing Current and Future Automotive IT Applications
IoT security

Published at DZone with permission of Arthur Hicken, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Ultra-Fast Microservices: When Microstream Meets Wildfly
  • OpenTelemetry in Action: Identifying Database Dependencies
  • Maven Tutorial: Nice and Easy [Video]
  • Modern REST API Design Principles and Rules

Comments

IoT Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo