Yesterday’s news regarding the FCC censure of Trendnet for lax security measures that allow unsophisticated hackers to view home camera feeds has sharpened the focus on the Internet of Things (IoT). As more devices become network connected, and these devices play a more critical role in our daily lives, we need to be mindful of how much of our cherished privacy and necessary security is being exposed and vulnerable.
Home automation systems, and standalone devices such as door locks, medical monitoring systems and even automobiles are all internet connected and therefore subject to hacking. Kashmir Hill of Forbes did some excellent work on this issue and was recently interviewed by PBS Newshour.
She detailed how easy it was for her to gain access to cameras, baby monitors, garage door openers and the like using no more than a search engine called Shodan and the default username/password of popular devices. Home devices are not the only ones exposed. You can find construction vehicles and much more, many poorly secured and accessible. The StuxNet virus illustrates that industrial systems are vulnerable and targeted for malware.
Kiosks and other devices in the self-service space are also targets for hackers. For an overview of how easy it is, visit: This presentation by Paul Craig of security-assessment.com.
These stories and trends bring out some clear action items for both users and manufacturers of these devices. Users must not leave the default username and password combinations. These are public knowledge and are easy to change. Keep the firmware updated to get the latest security patches for all these connected devices. Registering your device with the manufacturer will help you know about the latest available firmware. Use port forwarding, or better set up a VPN if you router has that capability.
Manufactures need to better address these security issues as well, or face the types of sanctions that Trendnet is facing now. Make security a priority thought the life cycle of the device, from initial requirements, through product testing, and continuing threat assessment. Patch security holes as they are reported and push firmware out to users. Manufacturers must balance the need for security with maintaining the low cost that makes these devices affordable to the target audience. That is much harder to do for home systems than industrial devices. As the Internet of Things becomes more ubiquitous, it becomes a necessity rather than a differentiator.
[avatar user=”dp_david” size=”thumbnail” align=”left”] David Weiss, President
Dataprobe Inc.