Why Are IoT Devices so Insecure Right Now?

November 22, 2017 - 5 minutes read

If you’ve been reading Dogtown Media News recently, you know that the tech community has seen its fair share of hacking attacks aimed at compromising the Internet of Things (IoT). And you don’t have to be a techie or developer in San Francisco to understand why this has the potential to be chaotic — IoT is entering every industry. Toys, air conditioning, cars, forklifts — basically everything is trending towards becoming part of the IoT movement.

But if IoT is becoming more ubiquitous with each day that passes, then why is it so insecure?

A Flaw of Supply and Demand

Companies in all industries are racing to capitalize on the advantages that IoT provides. Many IoT device makers are focused on keeping pace with the resultant high demand, leaving little resources left to ensure their products have proper security. Problems that should have been caught in quality-control instead proliferate and become much bigger threats.

A prime example of this is Devil’s Ivy, a vulnerability recently found in the gSOAP toolkit. This toolkit essentially allows devices to communicate with the internet; it’s utilized by many IoT developers, and thus can be found in the products of numerous big-name IoT device makers. Currently, there are about a million devices with gSOAP in use that are susceptible to Devil’s Ivy.

Fortify, HP’s security arm, discovered that about 70% of popular IoT devices can be hacked quite easily. About 48% of U.S. companies using IoT devices have had their networks compromised according to consulting firm Altman Vilandrie & Company. The firm also found that these types of attacks can cause some serious financial and legal damage — up to 13% of the annual revenues of small companies.

The Specifics on IoT Susceptibility

Besides demand, there are a few other key aspects that help to better explain why IoT device manufacturers are too overwhelmed to attend to security. Chief among them is their lack of experience with cybersecurity. This situation is similar to how PCs were manufactured by only software development and hardware engineers for the majority of their early existence. Of course, these engineers meant to make PCs secure, but that was not their forte.

But now, the stakes and risks are higher. Businesses are relying more heavily on IoT faster than they adapted to PCs, and the technology itself is more complex. Unfortunately, since these are businesses we are talking about, they are more focused on monetary motivations. Security falls close to the back of the line in priorities. Companies often cannot finance an in-house security department when all other needs are attended to.

Because businesses are money-minded, it only makes sense that IoT makers want to have the newest, hottest device on the market. While we get to enjoy the benefits of having a new IoT device be released every few months, that also means introducing newer technology that hasn’t been properly secured yet. Building the next big thing takes time. Securing it takes even longer.

Looking Towards a More Secure Future

When new IoT devices are hitting the shelves multiple times a year, this chasm between the advancing technology and acceptable security would only keep growing, according to common sense. Luckily, this issue is becoming widely known in the tech community, so more attention will surely be paid to security in the future.

In the meantime, always do your due diligence in locking down your IoT network. Ensure that you can see which devices are connected to your network. Also make sure you can manage (quarantine, block access, etc.) those devices. Lastly, having anti-malware software or something similar to detect any nefarious activity is an absolute necessity.

It always pays to be safe, so now that you’ve read up on the insecurity of IoT, take five minutes now to make sure you’re secured.

Tags: , , , , , , , , , , , , , ,