The Internet of Things (IoT) has already transformed how people live and work in many respects, with future developments just around the corner. Yet IoT connectivity is both a blessing and a curse for IoT developers and consumers: it enables the efficient exchange of data, but at the cost of greater security risks.
In this article, we’ll discuss some of the potential security flaws and issues with IoT connectivity, and how you can protect yourself against them.
What is IoT Connectivity?
IoT connectivity—the ability of an IoT device to connect to other systems or applications—is at the heart of the Internet of Things.
Despite the term “Internet” in “Internet of Things,” IoT devices aren’t necessarily connected through a wireless router. Cellular networks, Bluetooth, and wireless are all popular choices for how to achieve IoT connectivity between devices.
IoT devices may collect and share many different types and quantities of data, depending on the use case. Consumer IoT products like the Amazon Echo are constantly transmitting information, while seismic detectors may only send a report when they perceive an earthquake above a certain threshold.
Regardless of what these devices do (and how often they do it), IoT connectivity is a critical concern. The proper functioning of IoT products relies on sending and receiving information securely and reliably. IoT connectivity is doubly important if you plan to update the devices in order to add new features or patch security vulnerabilities.
The Potential Risks of IoT Connectivity
IoT connectivity is now pervasive in modern society, from home appliances and wearable technology to more heavy-duty use cases like the automotive and manufacturing industries. But the new possibilities of IoT also incur new risks, especially in consumer-facing products.
1. Security and privacy risks
IoT devices are inherently designed to collect and share large quantities of information. What’s less obvious to the end user, however, is the specific type of data they collect; how much data they collect; and how they store, use, and share this information.
Smart home devices like doorbell cameras and virtual assistants are constantly recording audio and video, which is an obvious security risk if this footage falls into the wrong hands. Yet even seemingly innocuous information, such as the timing patterns of smart light switches in your home, can reveal a great deal about how you live and work.
Less scrupulous IoT developers may decide to sell your personal data to advertisers or share it with other third parties—all with little indication that this is going on (unless you read the fine print in the terms and conditions).
2. Safety risks
Products from air conditioning units to door locks are now available with IoT functionality attached. This means that IoT devices have become responsible for controlling many different important things in people’s lives.
However, it’s not always apparent when something goes wrong in IoT software. The source of the problem may remain undetected until it becomes obvious for the end user in the real world.
While the implications of a malfunctioning IoT pool monitor may seem relatively benign, there are also far more serious consequences possible. For some IoT applications such as manufacturing and healthcare, crashes and errors can literally be a life-or-death situation.
3. Access risks
Preventing unauthorized access to IoT devices should be a primary concern. Because IoT is a relatively new development, however, the question of physical access is often ignored or overlooked in favor of sheer convenience.
Most businesses are wise enough to restrict access to their wireless routers by keeping them somewhere out of sight in an IT room, perhaps behind a metal grate. Yet most IoT devices don’t receive the same level of protection. In many cases, malicious actors could easily pop open an IoT device or even walk away with it red-handed.
In some cases, this ease of access even permits attackers to impersonate an IoT device—including all the permissions that the device has as part of a larger IoT system.
When Things Go Wrong with IoT Connectivity
When IoT connectivity goes wrong, it can go very wrong very quickly:
- In 2018, a couple in Portland, Oregon were horrified when they discovered that their Amazon Echo had secretly recorded their private conversation and sent it to one of their email contacts.
- The IoT search engine Shodan allows users to hunt for exposed IoT devices, including servers, cameras, appliances, and control panels.
- A “white hat” hacker spoke to an Arizona man through his IoT security camera, informing him that his password had been compromised and published online.
- In June 2019, medical device company Medtronic recalled 4,000 IoT insulin pumps after discovering a security hole that was not possible to patch.
- Multiple journalists and security researchers have demonstrated how an attacker can remotely seize control of an IoT-connected vehicle.
How to Prevent IoT Connectivity Risks
With all that said, how can you prevent a similar disaster scenario for your own IoT devices?
The most important thing is committing to making the effort to develop and maintain a secure IoT device. Far too many IoT development firms treat security as an afterthought, not a priority.
Part of the blame lies in the current state of the IoT consumer market. There’s a financial incentive for companies to get a jump on their business rivals by pushing their products out as quickly as possible. This is especially true for startups that are competing against mature, established IoT players like Amazon, Google, and Apple.
Security needs to be considered at every stage of the IoT development process, starting from design. Ask yourself questions such as:
- What kind of data will be collected by the device?
- What kind of data will be stored on the device?
- How does the device transmit information to other devices in the network?
- Is the data collected, stored, and transmitted by the device important enough to be encrypted while in transit and at rest?
Traditionally, IoT hardware security has received less of a focus due to the ease of physically accessing the devices (and thereby impersonating them by stealing their cryptographic key). However, this is changing with the growing adoption of hardware security modules (HSMs).
HSMs are physical computing devices that store SSL certificates without allowing users to tamper with them or read their contents. This feature enables an HSM to protect a device’s encryption key and prevent malicious users from impersonating it.
From a reactionary standpoint, enabling over the air (OTA) firmware updates is a very good idea. Installing updates remotely helps defend against security exploits and vulnerabilities that are discovered only after your product is released.
Creating Secure IoT Products
Security is an essential question for IoT connectivity. The good news is that you can take proactive steps to defend yourself and make your devices a less appealing target. However, you need to work with an IoT development company that knows IoT security best practices in order to mitigate your risk as much as possible.
Here at Very, IoT security is a preeminent concern from the start of every IoT project and throughout the development process. To learn more about how we create IoT products, check out our complete guide to IoT development.