Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Having an update mechanism is the first step to securing IoT: Rapid7

Nurdianah Md Nur | June 16, 2016
Besides that, user behaviour analytics enables security professionals to secure their organisation’s fragmented and immature IT environment, caused by the adoption of new technologies such as connected devices.

Corey Thomas Rapid7

Love it or hate it, there's no escaping the Internet of Things (IoT). In four years' time, 20.8 billion connected things are expected to be in use, according to research firm Gartner. While IoT promises multiple benefits - such as bringing convenience, increasing productivity, reducing costs, and enabling new products and services - it also creates new demands around security as such devices introduce vulnerabilities.

At last year's DEF CON hacking conference, security firm Pen Test Partners revealed a man-in-the middle vulnerability in the Samsung RF28HMELBSR smart fridge that can be exploited to steal the user's Gmail login credentials. Even internet-connected baby monitors had vulnerabilities and design flaws that could allow hackers to hijack their video feeds or take full control of the devices, according to Rapid7's study last year.  

While these devices operate in homes, their vulnerabilities do impact organisations, especially with the increasing trend of telecommuting. If connected devices are operating on the same networks used to connect to business assets, compromising the former may create a path to hacking into the external organisational network, according to Rapid7.

So how should we protect ourselves from IoT threats? According to Corey Thomas, President and Chief Executive Officer of Rapid7, securing IoT is a shared responsibility but the first - and most important-step is for IoT developers/vendors to create and deploy an update mechanism. "Most IoT devices are not updatable/patchable, meaning that once they're deployed, there's no mechanism to correct or fix major vulnerabilities or flaws. So the No. 1 responsibility for IoT vendors is to create a mechanism to update their products so that when security vulnerabilities are reported or discovered, patches can be deployed to those devices," he told Computerworld Singapore.

"[With that said], end-users who deploy connected devices also need to understand that they are responsible for maintaining and updating such devices. This goes beyond physical maintenance -- users must also assess the security risks of their connected devices and deploy software updates when available. For instance, besides changing the oil for your connected car regularly, you now need to also apply patches and update the software for your car. Since this requires a change in behaviour/mindset for end-users, IoT vendors need to make it easier for users to update their devices so that they will be more compelled to do so," he added.

Besides that, end-users need to ensure that they use unique, strong passwords for every account. "Don't use the same password for your home entertainment system that you use for your work email. It's a simple principle but an important one as you don't want your compromised device to affect the other parts of your technology life such as work matters," Thomas explained.  

 

1  2  3  Next Page 

Sign up for Computerworld eNewsletters.