Why IoT Security Is So Critical (techcrunch.com)
An anonymous reader writes: Software engineer Ben Dickson starts off an opinion piece about Internet of Things security with this amusing comment: "Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would've laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance." Dickson then lays out many of the issues with securing internet-connected devices, and explains the work being done to make them more secure. He highlights areas that manufacturers must focus on: "In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system. ... There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business."
My door sensor does not need 128 bits of encryption. It needs to talk to a hub inside my home unencrypted, and then the link out from there needs to be secure. The problem is all these "experts" don't have a clue at all about all of this and are clamoring that we need heavy security on everything! ZOMG!!!
WE don't. What we need is 100% open on all the devices so that as the owner of a device I can use it with whatever I want in whatever way I want. Heavy security means I will never ever be able to do that.
All of the IoT (I really hate that acronym) crap needs to talk to a single hub and that when allowed to communicate out needs security. There needs to be absolutely ZERO security on the inside protected network other than what already exists with decent systems like Z-Wave or Zigbee where they get a key from the hub they join and only talk to that network. Can it still be hacked? Yes, but not by the typical thief who really would not care to, as all he has to do is a smash and grab.
My toaster does not need to tweet or talk to Westinghouse's servers. It needs to talk to my HA hub, and from there I can decide if it needs access to post to Slashdot that my double cinnamon raisin toast is done.
Do not look at laser with remaining good eye.