Why IoT Device Security Remains Abysmal


Without better security, home IoT devices can cause more problems than they solve.

Researchers at Princeton’s Center for Information Technology Policy looked at a number of IoT devices, and looked specifically at information sharing on those IoT devices. The idea was to see just how secure they actually are. Among those devices were the most popular in the retail world, including: Belkin WeMo Switch, the Nest Thermostat, Sharx Security Camera, Ubi Smart Speaker, and more.

What they found is that some of these devices transmit their data in the open, more or less for anyone to see. For example, Nest thermostats leaked customers’ ZIP codes over the Internet, meaning that user location information, as well as the coordinates of company weather stations, weren’t secure. Nest patched the flaw when it was notified.

Other issues were easily hacked WiFi cameras, which included the ability to see the video. The IoT cameras were using an unencrypted FTP connection. Indeed, the largest problem is that IoT device providers don’t use encryption, and thus the data they transmit is often open for anybody to see.

The issue is the data that’s actually being transmitted, and the misleadingly low level of importance we place on that data. Do we really care if data coming from our Nest thermostats falls into the hands of bad guys? This may seem trivial until you remember that the Nest also tracks whether a house is occupied or not, and that could be a nice way for burglars to figure out a good time to break in. At least the Nest will turn on the heat for them; you would not want those guys to feel cold as they rob you blind.

IoT device security: an afterthought

The core message here is that IoT security seems to be an afterthought. Perhaps this is because IoT providers see the data as innocuous. However, data gathered in aggregation with other data starts to provide meaning, perhaps meaning that you really don’t want others to know.

 Related: Three modes of entry for IoT hacking

 For instance, think about the use of smart phones to provide navigation, such as Waze. We freely give up our locations, even our speed, to get a good navi system that’s able to proactively route us around traffic. Now, consider that data mashed up with your text messages, and time spent parked, and you have another level of understanding that you would not like to share with just anyone.

For the most part, we’re willing to give up some privacy for devices and apps that make our life easier. I’m always surprised at what people share on social media, and wonder if they’ve really thought through how others could use that information. However, they do gain from the relationships they create, so they continue to share.

IoT devices are much more passive, in that they sneak into our lives to provide better ways to cool and heat a house, turn lights off and on, and even answer the door. In those instances, we need the IoT device makers to protect our data, and that means adopting better security approaches and mechanisms. Lacking that level of security, IoT devices have the potential to create more problems than they solve.

 Related: What’s scary about a set-top box? Privacy.

Want more? Check out our most-read content:

White Paper: How to ‘Future-Proof’ a Streaming Analytics Platform
Research from Gartner: Real-Time Analytics with the Internet of Things
E-Book: How to Move to a Fast Data Architecture
The Value of Bringing Analytics to the Edge
Three Types of IoT Analytics: Approaches and Use Cases
Fast Data: Why Business and IT Are Now Inseparable
How In-Memory Data Grids Turbocharge Analytics

Liked this article? Share it with your colleagues!

David Linthicum

About David Linthicum

With more than 13 books on computing and 3,000 published articles, David has shown businesses how to use resources more productively and innovate constantly (full bio). Reach him on twitter @DavidLinthicum.

Leave a Reply

Your email address will not be published. Required fields are marked *