2.05.2016

Insecurity in the Internet of Things


The Internet of Things, often abbreviated IoT, now includes a multitude of devices. Smartwatches, fridges, lightbulbs… companies are looking to connect just about anything to the Internet. But should we?

Not many people know that the Internet was designed without security in mind. The first few network protocols had little, if any, security built in. HTTP, FTP, and Telnet were plaintext protocols, which eventually led to HTTPS, SFTP and SSH being developed as more secure alternatives.

One more thing that some may fail to grasp is that the Internet of Things and the World Wide Web… are the same thing. The same problems that plague the Internet (hackers, spam, advertising) have the potential to spread to whatever smart device someone happened to pick up at their local Best Buy.

Companies are still in the prototyping stage, creating as many different products as they can to see what sells. In their rush to get new products to market, they are not taking the time to understand how dangerous the web is for any device.

Security in current smart devices is almost non-existent. Articles about hacked baby monitors made the rounds recently, and in this case I use the term “hacked” loosely. Hidden accounts that can’t be easily changed or disabled, Internet portals with default passwords, and a lack of any kind of encryption are unforgivably insecure for products intended to protect a child.


A key part of this problem is the lack of standards for security in smart devices. How many accounts should be on a device? Do we need a root or administrative account? Do we need to update our software? Or most importantly, “Do we need to put this device on the Internet?” Until we can solve issues as simple as default passwords, the answer is no.