Apps for living room lamps, smart fridges and wearables: IoT has reached our daily life. For customers it is a very useful technology, but, on the other hand, a pretty risky one.
IoT security became a much-discussed topic as recently the news came that a botnet attacked a blog of a US security expert through a large amount of devices connected to the Internet. In October multiple DDOS attacks caused widespread disruptions of internet services in the USA.
A growing threat
Now countries are asked to determine standard rules for IoT devices and security guidelines. For the future, manufacturers should have a greater responsibility while smart devices have to meet particular minimal requirements.
The primary focus of IoT is on sensible data of individuals or enterprises. Thus, privacy and security must be guaranteed. Moreover, IoT systems must be secured, especially when such critical infrastructures as energy supply or traffic control systems are involved.
A standard IoT framework consists of peripheral units like sensors, adapters, beacons and a gateway for communication with devices as well as a back-end server. Hence, lots of elements have to be considered regarding their safety.
Basic security measures
For cost reasons connected devices have a generic password that user is not obligated to change. Knowing the password at the moment of delivery, the criminals can hack any device. An individual password can significantly improve the security level.
Automated installation of security patches
The majority of smart devices do not receive updates like smartphone and PCs. It is an indispensable requirement for secure application. It is hardly possible for users to update every single connected device in house. That’s why an automated update process is highly important.
User notification about security issues
Users of IoT devices can’t be expected to check the website of manufacturer on information about potential security leaks. For that reason, manufacturers should be obligated to provide effective information.
Encryption is a crucial element of the IoT security. Before transmitted, data need to be encrypted. This also applies for data transfer between a device and a mobile app as well as other networks, e.g. Cloud. In addition, device software updates also require an encryption.
In the IoT environment proactive security measures at all levels are urgently required. Moreover, they should be integrated into the system design. It is important to detect all vulnerabilities and threats through a regular device monitoring and updating. Furthermore, precise security controls have to be determined to ensure sensible data protection.