The state of IoT security today is clear: it’s terrible.

Internet of Things devices are everywhere: from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives.

Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid switches and public water systems; monitor road traffic in real time to optimize city travel; track patient health in hospitals so doctors and nurses can stay alert; control servers for Facebook, Spotify, and our other favorite media sites; and much, much more. Not to mention, IoT devices will soon be increasingly used in music, construction, film, and countless other industries – in addition to totally permeating infrastructure, healthcare, and home life. As machine learning and blockchain become more sophisticated, they’ll integrate with IoT as well. Its potential will only grow with time.

Obviously, the prevalence of these IoT devices makes them a prime target for a whole variety of hackers (from nation-states and cyberterrorists to hacktivists and organized crime groups). Ransomware and other forms of extortion are just two types of cyberattacks we’ve seen; the Mirai malware from this past August, which wiped out entire Internet services across the east coast, is a prime example of how damage might not just be financial. We only need look to other countries to see how these attacks can be replicated against electrical grids and other critical infrastructure, potentially putting millions of lives at risk.

Compounding this already precarious situation, IoT devices are insecure by default. Encryption is often sub-standard; basic hardware security features are overlooked; default passwords are weak and duplicated across devices; and internal security controls, like dynamic information-flow tracking, are similarly (almost) nonexistent.

There are certainly reasons for this fact. IoT devices possess significantly less computing