DZone
IoT Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > IoT Zone > Security for IoT Can't Be an Afterthought

Security for IoT Can't Be an Afterthought

G. Andrew Duthie user avatar by
G. Andrew Duthie
·
Feb. 28, 15 · IoT Zone · Interview
Like (0)
Save
Tweet
5.37K Views

Join the DZone community and get the full member experience.

Join For Free

Earlier this week, in my presentation at CapArea.net on "Communicating with the Internet of Things" one of the points I emphasized repeatedly is the necessity to think about security early and often. Any time you are responsible for creating a device that can communicate with the internet, whether that be a home automation gateway, Wi-Fi-controlled light bulb, or and industrial control system designed for remote monitoring, you need to be sure you understand how that system can be attacked. As security MVP Troy Hunt likes to put it, you need to "hack yourself first."

598413_99638977_Hacker_sm
photo credit: nwogen on freeimages.com

The reason I bring this up is that I had an exchange today with Cuno Pfister of Oberon Microsystems, who announced today the Limmat platform, a gateway device that bridges Bluetooth LE and HTTP, part of which was about how they're securing the device. As part of his response, Cuno pointed to this article, which describes a recently discovered flaw in BMW's ConnectedDrive system that could potentially expose 2 million cars to remote unlocking or disabling.

Two MILLION cars. Try to wrap your head around that number for a moment. BMWs aren't exactly cheap cars, either, and you'd think that they would take great care to ensure that the onboard telematics could not be hacked. But if the article is accurate (and I'm not an expert in auto system security, so I can only take the reporting at face value), it sure looks like they missed some major red flags in their implementation of the communication with the cloud.

So what's an IoT developer to do? Start thinking about security as soon as you begin planning your product or system. Put on your black hat, and think through how someone would attack your system. Or if you're not confident that you have the expertise to do so, hire someone who does.

Connected devices have great potential, but with that potential comes risk. And every new hack, vulnerability, or flat-out poorly designed product will make it that much harder for consumers and industry to put their trust in IoT. Attention to security early on in the product lifecycle is key to preventing this outcome.

security IoT

Published at DZone with permission of G. Andrew Duthie, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • The Engineer’s Guide to Creating a Technical Debt Proposal
  • Take Control of Your Application Security
  • APIs Outside, Events Inside
  • SDLC Vs STLC: What's the Difference?

Comments

IoT Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo