A few years ago, when you thought of all the devices connected on your home network, a desktop, a laptop and maybe an iPod or one of the first smartphones would be on the top of your list. Before advances in Wi-Fi, you could easily create a simple diagram of your home network and the few devices connected to it. People would worry about wiring their homes with CAT-5 cable for their desktop and a laptop. Now with Wi-Fi, wiring the home is no longer a big deal. Laptops, smart phones, tablets and more can all be used wirelessly, even for streaming video.
Speaking of video, why not have the TV connected to the network, for streaming YouTube or even checking Twitter? While we’re in the living room what if we add gaming consoles, video security systems and even utilities controllers, then we move to the kitchen and connect refrigerators? Anything that could possibly be remotely controlled could be implemented as a connected device. Wouldn’t it be cool to be on vacation and control your home lighting, change your thermostat, monitor your surveillance cameras, and maybe even check if your fridge needs restocking? Since adding networking technology to these types of appliances requires small form factors, the software used for operating systems would need to be stripped down and not as resource-intensive as your giant gaming system.
Normally when you think of a stripped down operating system, you may think of Linux with few packages installed, ports locked down, small disk space and minuscule memory requirements. This is correct, and if you minimize your attack surface, you minimize risk. Appliances are also meant to be maintenance-free. You don’t require a system admin to be shipped with your refrigerator or complex system configuration to get your TV setup. You just expect to plug it in and start watching Breaking Bad. This is where security becomes an issue. Computer systems need maintenance and proper configuration. If an appliance is not fully and properly secured, configured, then shipped out to the customer, it will most likely never be secured. This is why security needs to be implemented from the start. Quality control before shipping out to production is essential. Everyone is familiar with vehicle recalls, right? The Toyota scandal, where lives were in danger, for example. A little mistake that doesn’t get caught by QA could have huge ramifications. These Internet of Things (IoT) devices shouldn’t be as complex as a Toyota nor have the capacity to cause loss of life, but similar mistakes can and do happen.
When beginning these IoT projects, security should be embedded and implemented throughout the development of these cool Internet connected gadgets. This way the customer gets the device and connects it worry free, without the need to lock down services, apply a firmware upgrade/patch or change settings based on some recent vendor security bulletin. Your every day consumer doesn’t know Linux command line and may even have difficulty downloading a firmware file and uploading it to the IoT device’s web interface.
The Internet of Things is the spread of hackable technology. It is our job to make sure these new technologies are secure and not hackable, to the greatest extent we can. Wearable technology is starting to grow as well. Do we want our watches hacked? Our home security systems, our lights, our kitchen appliances, our TVs, our Xbox Ones or PS4s? Of course not, but manufacturers need to take the effort to ensure they are designed as secure as possible from the start.
– Albert Campa