Adding connectivity and some degree of intelligence to the things we use every day leads us to the Internet of Things (IoT). The introduction of these connected things into our personal spaces is creating smart homes, and adoption is already exponential.
The smart home promises an automated living experience with built-in convenience and an efficient style of living. As per IDC projections in 2015, there will be 50 billion connected things by 2020 with a market worth of 1.7 trillion USD. This massive projection is more than exciting, but the biggest risk to such a huge adoption is the security of the connected things.
The large-scale adoption of smart homes means a large target for attackers. This may result in financial as well as physical loss instead of the promised convenience and energy savings.
The security risks involved in connected things may erode consumer confidence and, consequently, the projected adoption of smart home products.
Connected things create a great volume of sensitive data, which raises the risk of data and identity theft, device manipulation and server/network manipulation.
According to the Open Web Application Security Project (OWASP), IoT vulnerabilities include inherent insecurities in the web interface, mobile interface, cloud interface, network services and firmware. The vulnerabilities also include insufficient authentication/authorization and insufficient security configurability. The lack of transport encryption, privacy concerns and poor physical security also add to the list of vulnerabilities.
Another challenge unique to IoT systems is the limited memory and computational power of the microcontrollers that are essential to convert dumb appliances into intelligent connected things. Implementing security at the device level is a big problem for IoT solution providers, who have to balance security against the marketability of the end product.
Strategy to Mitigate the IoT Vulnerabilities
The all-encompassing strategy to mitigate the vulnerabilities is to cover every aspect, from design to the final support provided to the end customer. It involves incorporating security at the design phase and implementing on-the-go security updates once the devices are already on the market. The strategy must include proven security practices, prioritization of security measures and transparency across the whole ecosystem.
Putting IoT Security Strategy Vehicle into Action
IoT solution providers have to address security at all stages of the IoT cycle. Security begins at the design stage, with special focus on threat modeling, secure component selection, component adaptability to future security measures and, finally, resilience testing. Firmware over-the-air (FOTA) functionality is a must for remote updates, failure patching and data protection in case of security breaches. The option of standalone operation in case of connectivity problems can also give users greater confidence. The manufacturer must also educate users on setting stronger user preferences through user configurations.
Users, for their part, can reduce the risk of security breaches by using strong passwords for device accounts and Wi-Fi networks, using a stronger encryption method such as WPA2 when setting up Wi-Fi networks, disabling remote access to IoT devices when it is not needed, and disabling features that are not being used, such as location information.
Privacy is an Essential Part of Security
Last but not least are the privacy issues. The IoT has the potential to provide unprecedented amounts of personal information. Such information may land in the hands of information abusers. OEMs need to provide privacy policies on how they handle such data and should adopt best practices to avoid reputational damage and to adhere to regulatory requirements.