Common Internet of Things security pitfalls
Only a minority of consumers trust the brands they use. And the Internet of Things (IoT) itself has a trust problem in the consumer sector. Privacy concerns and poor user experience have “stymied adoption and created a hesitance among users to trust IoT devices,” wrote William Webb and Matthew Hatton in “The Internet of Things Myth.”
While the adoption of smart-home devices continues to tick upward, privacy and security concerns constrain their use to mainly routine tasks. The most popular smart speaker functionality, for instance, is merely playing music, according to eMarketer research.
Meanwhile, IoT device makers continue to face pushback from consumers and regulators over privacy and security. “We’re in a situation where [IoT manufacturers] are fighting these DDoS [distributed denial of service] attacks and all different types of hacking threats that are out there,” said Dilip Sarangan, senior director of research at Frost & Sullivan.
Add to that is the public’s frustration with how manufacturers implement Internet of Things security and privacy. Last year, an Internet Society survey found that 63% of respondents found connected devices to be “creepy.” Three-quarters of respondents did not trust IoT device markers to respect their preferences in how data is used.
The situation is unlikely to change until IoT manufacturers become savvier in terms of information governance. Here, we examine common pitfalls to avoid when developing an IoT product.
Believing Open-Source Software Is Bulletproof
Headlines about consumer IoT devices’ insecurity have remained prevalent in recent years. Most recently, researchers discovered a series of vulnerabilities known as Ripple20 found in hundreds of millions of IoT devices that extend well beyond the consumer sector. “The Ripple20 vulnerabilities affect a vast array of critical IoT devices, including healthcare systems, power grids, smart home devices and more,” said Natali Tshuva, CEO of Sternum.
The discovery of the Ripple20 vulnerability is not surprising, said Terry Dunlap, a former National Security Agency employee who is now the CEO of ReFirm Laws. Many IoT devices are built with open-source components. If there is a flaw in any of these components, “it’s going to get spread far and wide,” Dunlap said. While open-source software can provide greater oversight than proprietary software, open-source security researchers and developers can’t check for every possible security flaw.