Welcome to the first in our series of blog posts on the Internet of Things (IoT), where we’ll discuss security considerations when it comes to IoT devices.
When it comes to the Internet of Things, I believe in one simple mantra: the smarter the device, the dumber the security vulnerabilities. Now, it’s not because I’m an analog-loving hipster or cantankerous luddite (I’m just a curmudgeon), but because of the overwhelming amount of engineering work that needs to be done in order to secure a device.
The reality of bringing a product to market is that the engineering effort is focused mainly on product features with security as an afterthought, if it’s even a thought at all. After all, most consumers are looking for slick features when they buy a product, not whether their data or privacy are secured.
Security engineering lives in a paradoxical world where the individual steps to build security are simple, but the process of applying security within an organization is a monumentally difficult, even Sisyphean, task. Ultimately, the result is in a neat shiny smart device, which is shipped to consumers with really dumb and obvious vulnerabilities that end up launching a distributed denial of service (DDoS) against the Internet. Who loses in the end? The consumers. Occasionally, the vendor also suffers brand damage and a loss in sales.
Here are a couple of questions you should ask before making your next IoT purchase, to make sure you’re not unnecessarily exposing yourself and your family to random strangers and/or malevolent actors in the Internet:
#1: Does This Thing Really Need to Connect to the Internet?
The first question that should be on your mind is, “does this device really need an Internet connection?” For example, an Internet-connected security camera’s value proposition is that you (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Jeffrey Tang. Read the original post at: https://threatmatrix.cylance.com/en_us/home/internet-of-things-questions-you-should-ask.html