Though we've covered basic Cyber Security, one of the most pressing concerns out there is about web security of IoT (Internet of Things). From TVs that can be used to spy on you to the rise of driverless cars, the IoT can be a daunting place.
FBI Issues Warnings about the Web Security of IoT
The FBI issued a warning last week about the vulnerabilities caused by IoT toys which connect to the internet. The warning was particularly distressing in that it directly considered children; in the course of play, children may disclose all manner of personal information to their toys.
Though the FBI does have a sensitivity to security issues, their warnings deserve heed. What if someone is listening?
So you think you’re alone now?
The problem of security internet enabled devices is a relatively recent occurrence, but the implications are pervasive. The core of the problem is this; if an IoT device is infected with Malware, what’s to stop it from spying on you in your home?
Think about that for a second. What kinds of things do you discuss when you think you’re alone or with trusted members of your family? Have you ever discussed taking vacations, and when your house will be empty? Have you ever discussed your home security system and the codes needed to shut it down? How about where important valuables are stored?
You get the picture.
Not just spying
The risk, however, is not limited to tracking information. Segways which have bluetooth are vulnerable to being hacked and controlled, and the Smart capabilities of a fish tank were used to gain access to the full network to assist in robbing a casino. IoT has even been used as botnets for DDoS attacks.
There is also considerable worry, as IoT gains momentum, about the extension of IoT into the realm of transportation. As cars, trucks, and other public transportation, become more digital, who is standing at the gate making sure those types of items are secure?
Getting Started on an Answer
It seems that much of the problem with the web security of IoT will need to be addressed within the devices themselves. Encryption and authentication are still key functions that any internet connected devices require to be able to maintain security.
I suspect that in time, with the further development of these products and technologies, systems of central management will emerge that enable these types of devices to be connected and scanned as groups, rather than dealing with each device individually.
As with other technologies which emerge in a flurry of diversity, there will be a process of standardization as some communication protocols become favored for their their ability to negotiation and mitigate security risks.