Beware the Ticking Internet of Things Security Time Bomb

alphadogg writes: A panel of security experts, including from IBM, LogMeIn and formerly RSA, warn that IoT security is a growing threat because device makers haven't baked in security. IT security staffs are already inundated with safeguarding internal infrastructure and cloud-based resources, so guarding against a slew of new threats is likely to be overwhelming. LogMeIn's Paddy Srinivasan says most Internet-of-things OEMs "barely even have IT staff," so they aren't capable of developing rigorous security even if they wanted to. IBM’s Andy Thurai says most companies are rushing technology to market to try to monetize you as much as possible, and they aren't even willing to give you a cut for the data you supply. Regulations may help, but probably not enough and definitely not soon.

We'll Party Like It's 1999.

[marienf]

I remember new year's eve Y2K, and everyone expecting blackouts, etc.. and me driving around with an X10 wireless remote,
sending random commands to sequential channels. People's lights went on and off, burglar alarms (dis)armed themselves,
garage doors opened, sprinklers sprinkled water onto the cold pavement (with great ice potential). People panicked. X10 had no notion of authentication. Probably still hasn't.

Now, I had to drive around, because I was using a commercial-grade transmitter, my range and impact were limited.

Now, Imagine that kind of attitude, but with everything just a few network hops away, no range limits, and with the Invisible Hand clearly not having spanked the market into having a clue.

Image a person less mature than me and that same kind of attitude, today. Or several thousands of them. Spread over the globe.

I can image the havoc, I'm having trouble imagining the useful applications.. A matter of age? I'm not near to connecting stuff I don't have to.

Imagine what would happen if the Silons attacked, also.

If an IOT device phones home DO NOT BUY IT

[atrimtab]

if you cannot completely turn that intrusive privacy robbing feature OFF permanently. Devices that phone home to their real corporate master are not owned or controlled by YOU.

It is really that simple. That means don't buy Dropcam or a Nest or any of the other "easy to use" everything is stored "in the cloud" IOT devices that are out there and are the most heavily promoted.

There are nwtwork security cameras you can secure easily and control the recordings of. There are also "home automation" devices that only talk to each other within a defined area using reasonable encryption. You just have to be very careful and research what you are buying.

I note that in my last visit to BestBuy every IOT and home automation device promoted was more useful to the company who manufactured it that was collecting all the customers data than to the customer.

You can program your home router to block all outgoing traffic except from devices you select and you will find that many IOT devices will no longer work if you block their ability to "phone home."