With the ongoing emergence of the interconnected technologies collectively known as the Internet of Things (IoT), it probably not surprising that security is a big issue. However, it may not be immediately clear how big that issue has grown. The IoT is no longer necessarily an industry or device category that needs to be marketed as the incoming future. It’s already here and will continue growing at an accelerated rate over the next several years thanks to billions of dollars of investments. Those will come from across the board, from big companies such as Microsoft, Google, Samsung, as well as from smaller organizations and startups. That is actually a substantial portion of the problem but it doesn’t seem to be anything being done about it. Instead, most agencies and companies seem content to face down vulnerabilities and breaches after they’ve already happened. It could be argued that things are only going to get worse.
It’s fair to say that key aspects of the technology have been standardized into various underlying platforms, including some steps toward securing newer devices. However, there isn’t yet a lot of regulation for its security. Moreover, the problem lies in both the nature of IoT and its continuing growth, as outlined above. Anybody who has been following the explosion of new tech products is probably already well aware that a key selling point to those is how interconnected they are. Using only one newer introduction for an example, refrigerators are touted as connecting to smartphones and, by proxy, to other devices such as wearables through those. More importantly, they connect to central hubs for on-demand control, to the internet itself, and to other IoT products.
The significance is that nearly all “IoT” technologies work in a similar way, resulting in massive networks within even a small household or business. As already mentioned, this is already a very large industry. Some researchers have claimed that as many as 27,716 vulnerable entry points can exist in a single hospital and have said that a substantial portion of that number is from the interconnected devices in question. That means that even if those devices featured comprehensive security, there are quite a lot of nodes there to keep secure. That security, meanwhile, isn’t necessarily any better than standard security elsewhere, in spite of the added risks of such a massive network of devices. Moreover, security updates are unlikely to remain regular or arrive in a reasonable time frame, even when each device is made by the same manufacturer. It won’t necessarily be easy for any individual to buy all of their devices within a single ecosystem, to begin with, either. Most companies participating in the IoT revolution have their own specialization or categories on which they focus.
Not only have researchers continued to find new vulnerabilities, such as those found in hospitals. They have noticed that despite the uptick in the number of connected items and the security situation is not said to be improving alongside that. That’s in large part down to the fact that so many older devices in the category can still be purchased and haven’t been improved. Tying in with that is the fact that it isn’t just home products that are affected. The incoming flux of self-driving, connected vehicles, or smart vehicle products, includes more than just cars and trucking or delivery platforms. Each new introduction is effectively a further node in a growing network that could be viewed as extending to include nearly every device in any given area once those become ubiquitous. The security on some of those and in autonomous vehicles, in particular, will almost certainly be considered to be more important. So that part of the problem will likely be partially solved before it grows out of control. But that doesn’t mean there aren’t going to be plenty of curious or malicious actors willing to test the limits of that security looking for exploits.
The solution to all of this, for the time being, may just be in the diligence of consumers. There are bills that have been introduced to begin solving the problem. However, the legislative process is necessarily slow both to ensure that regulations are as comprehensive as possible and as a result of bickering about details. Corporations, manufacturers, and other companies or organizations are beginning to look for solutions, too. That may be even slower since an IoT ecosystem is most often comprised of devices that aren’t only made by one or two of those. Since each node in the network could feasibly act as an entryway to gain deeper access, or with the goal of accessing an entirely different connected device, consumers need to be aware of the risks involved.