“When it comes to IoT security you are only as strong as your weakest link”
The arrival of 5G technology is going to super-charge the connected age with many industry experts estimating that 5G will support of up to one million IoT devices per square kilometer – sixteen times more than our current 4G cellular technology can support.
Things are going to be connected to the Internet that we have not even previously thought of being connected – for example, who would have thought twenty years ago about connecting a fridge to the Internet?
The reality is that sometimes people are going to be activating devices after purchase not even realizing that these devices are connected to the Internet – and therefore that they are now personally susceptible to any security vulnerabilities in those products.
If people don’t properly consider securing the multiple IOT devices that are going into their homes and businesses then the results could be devastating both on a personal and financial level – let me give you some examples.
Connected Security Cameras: These are a great addition to any home – so long as you are the only one that can access the footage. If a network connected security camera is not secure then anyone with sufficient skill and intent can break into it and potentially view activity inside your home and record the footage – or even access pre-recorded footage. Scary…but perfectly possible.
Children’s Toys: We have seen an increasing trend in recent years for kids’ toys to be Internet connected via Wi-Fi technology – that may make them extremely vulnerable. We have already seen examples of hackers breaking into baby monitors and broadcasting into the home – imagine if someone accessed a child’s toy doll or car and could speak and interact with the child? Absolutely terrifying.
Printers: Modern printers are great! For less than $100 you can buy a colour printer, take it home and connect it to your home Wi-Fi and away you go – but many people overlook the fact that the printer is now on the Internet and is therefore discoverable. That means if someone hacks into your printer they may then be able to use that platform to gain access to other places on your home network – including your PC or laptop containing personal data.
So, the threats are indeed very real, but the fact of the matter is that this is not something Governments can come in and fix up with a single piece – or even a hundred pieces – of legislation in parliament, that’s just not possible in the real world of IoT security because, as with most technology, it is such a rapidly moving and fluid environment.
When it comes to assuring security for the IoT devices that are going into Australian homes and businesses, it will be up to the device manufacturers, distributors, retailers and integrators to work together to make sure devices are properly secure.
Consumers have a role too – they need to seek out information from their retailers – bricks and mortar or online – that the device they are buying has been designed with safety, privacy and security in mind.
At IoT Alliance Australia (IoTAA) we are playing our part in making that happen by putting together a framework for device manufacturers to follow to make sure they can bring devices to the market that are properly secure and safe to send into the marketplace – without pushing up the prices to make them unaffordable.
We are already a long way down the track to getting to where we need to get to and are talking to several major electronics manufacturers about working with us – but we can’t do it alone.
What we need is for consumers out there across Australia to really start taking IoT security seriously – this is absolutely not something to be taken lightly and the consequences of not acting could be profound with many small operators potentially forced out of business if they are breached.
This is not something our big corporations generally worry about because they have security teams to take care of security for them and IoT would be on their radars already.
However, for the average family or small business this is not something that anyone else can do for them – they are going to have to take matters into their own hands to some extent.
Consumers are going to have to get smart when they are buying ANY device for their home or business that is going to be connected online. They will need to check out what they are buying to ensure it meets good security practice and guidelines, including those being put together by the IoTAA.
For their part, whilst Federal or State Government’s may not be able to legislate their way to a more secure IoT environment they can still play their role by making sure that their procurement programs rewards vendors doing the right thing on IoT Security.
There are huge benefits to be had from the connected era and there are things ahead that technological advancements, such as 5G, will deliver that we cannot yet imagine but those rewards don’t come without risks and we should not for forget that for one second.
Matt Tett is Managing Director of Enex TestLab and also acts as Chair of the Cybersecurity & Network Resilience Workstream at IoT Alliance Australia.