The Internet of Things (IoT) refers to a network of physical objects or “things” equipped with computing hardware and software, including the ability to connect to a network and run computer instructions. Household items such as smart thermostats and appliances, as well as sensor-equipped wearable devices, are a few examples of currently popular IoT devices. New IoT devices are rapidly becoming available and adopted by household users. By the year 2017, the average number of connected devices per household is projected to grow to 25 devices, and to 50 devices by the year 2020.
IoT devices are in fact networked computing devices, albeit typically with relatively low amounts of storage, memory, power supply and processing capability, and frequently with no display. Another key characteristic that most of these first-generation connected IoT devices share is low security. As networked computing devices, IoT devices are vulnerable to malware, network attacks, data theft and the other security threats to which other networked computers are subject.
The manufacturers of these first-generation IoT devices (many of which are already on the market) tend to have little or no experience building secure software. Additionally, as time to market of new devices is a priority for manufacturers in this area, security is often neglected. As such, these devices create a number of different potential vulnerabilities. The devices themselves may be subject to compromise, or their behaviors could compromise other systems on the same network. IoT devices often have corresponding cloud services, on which they store information about their customers and the data that they gather. These cloud services can also be insecure. The risk posed by the combination of IoT device vulnerabilities, associated cloud service vulnerabilities, and IoT devices potentially compromising the data they handle and the network on which they are installed is very real and very serious.
The users who are the early adopters of first-generation connected devices typically enjoy the convenience of these devices. However, the users tend to be blissfully unaware of the security risk that these devices impose on their network. These devices might be compromising their most sensitive and critical data, which would otherwise be more protected behind a firewall. For example, take the case of a cautious user who has been afraid to put scanned copies of his/her tax returns, passport and bank statements in the cloud, and instead stores them locally on a hard drive which is backed up. By adding an IoT device such as a smart thermostat or the like to his/her network, such a user could be opening a direct access vulnerability to this sensitive data.
It would be desirable to address these issues.