Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why IoT Security Is So Critical (techcrunch.com)

Posted by Soulskill on from the because-people-can't-shut-up-about-it dept.

An anonymous reader writes: Software engineer Ben Dickson starts off an opinion piece about Internet of Things security with this amusing comment: "Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would've laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance." Dickson then lays out many of the issues with securing internet-connected devices, and explains the work being done to make them more secure. He highlights areas that manufacturers must focus on: "In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system. ... There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business."

7 of 148 comments (clear)

  1. Why "IoT" security is so critical by Anonymous Coward · · Score: 5, Insightful

    is because morons won't stop adding devices to the "IoT" instead of leaving them dumb like they should be. FFS this is a problem created by a trend with no benefits in the first place.

  2. DOA by Anonymous Coward · · Score: 3, Insightful

    Google/phone manufacturers cant even keep android phones patched more than a few years. What makes people believe that "IoT" devices will do any better?

    1. Re:DOA by peragrin · · Score: 4, Insightful

      Look at smart TV's and the number of updates that they get.

      Manufacturer's goals are not compatible with IoT concept. you own your TV for a decade or more between replacing it. Refrigerator's can go 20+ years easy.

      Do manufacturer's really want to provide support that long? if the answer is no then it doesn't belong in the Iot category.

      --
      i thought once I was found, but it was only a dream.
  3. Why the Internet of Things is so stupid by mbone · · Score: 4, Informative

    Fixed that headline for you.

    Engineers with a hammer treating everything as a nail, and marketeers seeking to mine information from everyone's daily actions are evidently a very bad combination.

  4. Always the same stupid story, again and again by gweihir · · Score: 4, Insightful

    First, it was mainframes that were insecure. When they were finally secured, the same mistakes were repeated with workstations. Then the same mistakes were repeated with PCs. Now they are repeated with mobile phones and with cars. Next they will be repeated with IoT.

    The problem is that most people are completely unable to learn from experiences made by others, and so they repeat the same stupid mistakes whenever there is a new application field. The experts are available and could do better, but they do not get used, because all the bright-eyed "innovators" do not have a clue what they are doing.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. Because right now by rsilvergun · · Score: 4, Funny

    someone could be in my kitchen, digitally making themselves a grilled cheese sandwich with neither my knowledge or consent. And don't say it's just my teenager, I can't get her to step foot in a kitchen.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  6. It's not critical. by Lumpy · · Score: 3, Interesting

    My door sensor does not need 128 bits of encryption. it needs to talk to a hub inside my home unencrypted, and then the link out from there needs to be secure. The problem is all these "experts" dont have a clue at all about all of this and are clamoring that we need heavy security on everything! ZOMG!!!

    WE don't. what we need is 100% open on all the devices so that as the owner of a device I can use it with whatever I want in whatever way I want. heavy security means I will never ever be able to do that.

    All of the IOT (I really hate that acronym) crap needs to talk to a single hub and that when allowed to communicate out needs security. There needs to be absolutely ZERO security on the inside protected network other than what already exists with decent systems like Z Wave or Zigbee where they get a key from the hub they join and only talk to that network. can it be still hacked? yes but not by the typical thief who really would not care to as all he has to do is a smash and grab.

    My toaster does not need to tweet or talk to westinghouse's servers. it needs to talk to my HA hub, and from there I can decide if it needs access to post to slashdot that my double cinnamon raisin toast is done.

    --
    Do not look at laser with remaining good eye.