Over a million developers have joined DZone.

Security for IoT Can't Be an Afterthought

· IoT Zone

Access the survey results 'State of Industrial Internet Application Development' to learn about latest challenges, trends and opportunities with Industrial IoT, brought to you in partnership with GE Digital.

Earlier this week, in my presentation at CapArea.net on "Communicating with the Internet of Things" one of the points I emphasized repeatedly is the necessity to think about security early and often. Any time you are responsible for creating a device that can communicate with the internet, whether that be a home automation gateway, Wi-Fi-controlled light bulb, or and industrial control system designed for remote monitoring, you need to be sure you understand how that system can be attacked. As security MVP Troy Hunt likes to put it, you need to "hack yourself first."

598413_99638977_Hacker_sm
photo credit: nwogen on freeimages.com

The reason I bring this up is that I had an exchange today with Cuno Pfister of Oberon Microsystems, who announced today the Limmat platform, a gateway device that bridges Bluetooth LE and HTTP, part of which was about how they're securing the device. As part of his response, Cuno pointed to this article, which describes a recently discovered flaw in BMW's ConnectedDrive system that could potentially expose 2 million cars to remote unlocking or disabling.

Two MILLION cars. Try to wrap your head around that number for a moment. BMWs aren't exactly cheap cars, either, and you'd think that they would take great care to ensure that the onboard telematics could not be hacked. But if the article is accurate (and I'm not an expert in auto system security, so I can only take the reporting at face value), it sure looks like they missed some major red flags in their implementation of the communication with the cloud.

So what's an IoT developer to do? Start thinking about security as soon as you begin planning your product or system. Put on your black hat, and think through how someone would attack your system. Or if you're not confident that you have the expertise to do so, hire someone who does.

Connected devices have great potential, but with that potential comes risk. And every new hack, vulnerability, or flat-out poorly designed product will make it that much harder for consumers and industry to put their trust in IoT. Attention to security early on in the product lifecycle is key to preventing this outcome.

The IoT Zone is brought to you in partnership with GE Digital.  Discover how IoT developers are using Predix to disrupt traditional industrial development models.

Topics:

Published at DZone with permission of G. Andrew Duthie, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}