Comments
HP Warns Of IoT Security Risks
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
7/29/2014 | 1:14:43 PM
the benefits of insecurity
Technical insecurity is job security. The Internet of Things will ensure employment for capable security professionals for the foreseeable future.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
7/29/2014 | 1:38:52 PM
Maybe we should rename it the Insecurity of Things
70% of tested devices had vulnerabilities, is it just me or does that seem like it should be setting off a lot of red flags?  As more devices become connected, how are we ensuring that these devices are meeting security and privacy guidelines and standards?  It seems as if we are more happy to have these devices and ignore the inherent risks than hold these manufacturers responsible for these vulnerabilities.
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
7/29/2014 | 2:37:59 PM
Re: Maybe we should rename it the Insecurity of Things
It's very frustrating to see the same kinds of issues cropping up in the IoT world that we're already struggling with on the Web. My guess is that part of the issue is manufacturers don't think there can be much harm done if these devices are compromised. And perhaps that's true while we've got tiny islands of IoT devices that don't connect to other systems. But connectivity inevitably gets extended, and it's not hard to imagine some kind of uber control service that runs both your home security system and your sprinklers. How ironic would it be for a fancy home security system to get compromised because of vulnerabilities in a lawn sprinkler?
Laurianne
50%
50%
Laurianne,
User Rank: Author
7/29/2014 | 3:43:21 PM
Re: Maybe we should rename it the Insecurity of Things
Drew, among the network of device makers, who has a financial incentive to push for industry-wide IoT security standards?
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Author
7/29/2014 | 4:18:51 PM
Ah, we've seen this movie before
The suppliers of devices for the Internet of Things are engaged in a feature race, not a race to be secure. The first round of competition will focus on features and ease of use, as did the first round of browser competition and the race to get Windows established. It's only after the problems crop up that we remember that this also happened the last time we had a wave ripple out to computing devices and over the Internet.

 
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
7/29/2014 | 4:22:26 PM
Re: Maybe we should rename it the Insecurity of Things
In the consumer industry, I'd say no one at this point because most of the outcomes of a hacked IoT device aren't that severe.The problem is, when security gets added on later once real problems arise, it means systems are less safe than if security had been built in from the start.

We might see more consumer-oriented action if the automotive industry gets deeply into IoT, i.e. as the car becomes more of a mobile hotspot and has apps that connect to third-party devices and systems, like reporting on your driving behavior to your insurance company, or ordering and paying in advance for a meal on at a turnpike rest stop. Once you add payments to the IoT mix, you get the security incentive.

However, I'd say medical device manufacturers and the healthcare industry have a significant stake in driving IoT security standards, if only for liability issues. Same for the use of IoT in industrial controls and manufacturing.
Drew Conry-Murray
IW Pick
100%
0%
Drew Conry-Murray,
User Rank: Ninja
7/29/2014 | 5:17:10 PM
Re: Ah, we've seen this movie before
That's what's so frustrating! We can guarantee that IoT devices will be hackable, and we have the recent history of the Web to demonstrate that people can and will find vulnerabilities and create exploits, whether for the lulz, vandalism, or to commit crime. We know it's going to happen, and yet still we have to go through the whole stupid dance.

The first time someone gets hurt or ripped off by an IoT vuln and the manufacturer says "I had no idea!" I propose that the CEO has to have the words "I'm a jackass" tatooed to his or her head.
Laurianne
50%
50%
Laurianne,
User Rank: Author
7/29/2014 | 5:31:40 PM
Re: Ah, we've seen this movie before
Drew, exactly right -- and I was already frustrated by Target :)
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
7/30/2014 | 1:08:38 PM
Re: ah, we’ve seen this before
If you are still using IoT then I guess you have yourself to blame because I am very sure that something bad is going to happen to you. This has been said like a million times and I just don't have better words to warn you. Thank you for this great article.
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
7/31/2014 | 4:43:00 PM
Re: Ah, we've seen this movie before
Drew,

Very,Very True![And I am sure Informationweek also agrees].

The big issue is why don't the Manufacturers spend more Secure Coding Best Practices and related issues?

Its not that difficult-It costs time and Money.

And when everyone is simply engaged in an Arms Race to push Solutions out faster than the next ,These "Minor" things can be overlooked.

Here's some clear-cut Research even the Security Firms are failing at the job they are supposed do-Decisively.

http://www.networkworld.com/article/2459761/antivirus-products-riddled-with-security-flaws-researcher-says.html

Regards

Ashish.
Page 1 / 2   >   >>


Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.