Comments
HP Warns Of IoT Security Risks
Thomas Claburn,
User Rank: Author
7/29/2014 | 1:14:43 PM
the benefits of insecurity
Technical insecurity is job security. The Internet of Things will ensure employment for capable security professionals for the foreseeable future.
Stratustician,
User Rank: Ninja
7/29/2014 | 1:38:52 PM
Maybe we should rename it the Insecurity of Things
70% of tested devices had vulnerabilities. Is it just me, or does that seem like it should be setting off a lot of red flags? As more devices become connected, how are we ensuring that these devices are meeting security and privacy guidelines and standards? It seems as if we are more happy to have these devices and ignore the inherent risks than hold these manufacturers responsible for these vulnerabilities.
Drew Conry-Murray,
User Rank: Ninja
7/29/2014 | 2:37:59 PM
Re: Maybe we should rename it the Insecurity of Things
It's very frustrating to see the same kinds of issues cropping up in the IoT world that we're already struggling with on the Web. My guess is that part of the issue is manufacturers don't think there can be much harm done if these devices are compromised. And perhaps that's true while we've got tiny islands of IoT devices that don't connect to other systems. But connectivity inevitably gets extended, and it's not hard to imagine some kind of uber control service that runs both your home security system and your sprinklers. How ironic would it be for a fancy home security system to get compromised because of vulnerabilities in a lawn sprinkler?
Laurianne,
User Rank: Author
7/29/2014 | 3:43:21 PM
Re: Maybe we should rename it the Insecurity of Things
Drew, among the network of device makers, who has a financial incentive to push for industry-wide IoT security standards?
Drew Conry-Murray,
User Rank: Ninja
7/29/2014 | 4:22:26 PM
Re: Maybe we should rename it the Insecurity of Things
In the consumer industry, I'd say no one at this point because most of the outcomes of a hacked IoT device aren't that severe. The problem is, when security gets added on later once real problems arise, it means systems are less safe than if security had been built in from the start.

We might see more consumer-oriented action if the automotive industry gets deeply into IoT, i.e. as the car becomes more of a mobile hotspot and has apps that connect to third-party devices and systems, like reporting on your driving behavior to your insurance company, or ordering and paying in advance for a meal at a turnpike rest stop. Once you add payments to the IoT mix, you get the security incentive.

However, I'd say medical device manufacturers and the healthcare industry have a significant stake in driving IoT security standards, if only for liability issues. Same for the use of IoT in industrial controls and manufacturing.
batye,
User Rank: Ninja
8/3/2014 | 12:38:14 AM
Re: Maybe we should rename it the Insecurity of Things
Could not agree more... as everyone wants it now... but tends to forget about security... or hides the problem...
Charlie Babcock,
User Rank: Author
7/29/2014 | 4:18:51 PM
Ah, we've seen this movie before
The suppliers of devices for the Internet of Things are engaged in a feature race, not a race to be secure. The first round of competition will focus on features and ease of use, as did the first round of browser competition and the race to get Windows established. It's only after the problems crop up that we remember that this also happened the last time we had a wave ripple out to computing devices and over the Internet.

 
IW Pick
Drew Conry-Murray,
User Rank: Ninja
7/29/2014 | 5:17:10 PM
Re: Ah, we've seen this movie before
That's what's so frustrating! We can guarantee that IoT devices will be hackable, and we have the recent history of the Web to demonstrate that people can and will find vulnerabilities and create exploits, whether for the lulz, vandalism, or to commit crime. We know it's going to happen, and yet still we have to go through the whole stupid dance.

The first time someone gets hurt or ripped off by an IoT vuln and the manufacturer says "I had no idea!" I propose that the CEO has to have the words "I'm a jackass" tattooed to his or her head.
Laurianne,
User Rank: Author
7/29/2014 | 5:31:40 PM
Re: Ah, we've seen this movie before
Drew, exactly right -- and I was already frustrated by Target :)
batye,
User Rank: Ninja
8/3/2014 | 12:34:51 AM
Re: Ah, we've seen this movie before
Same here in Canada, we do have the same problem with Target... we are in the same boat :)
Ashu001,
User Rank: Ninja
7/31/2014 | 4:43:00 PM
Re: Ah, we've seen this movie before
Drew,

Very, very true! [And I am sure InformationWeek also agrees].

The big issue is why don't the manufacturers spend more on secure coding best practices and related issues?

It's not that difficult; it costs time and money.

And when everyone is simply engaged in an arms race to push solutions out faster than the next, these "minor" things can be overlooked.

Here's some clear-cut research that even the security firms are failing at the job they are supposed to do, decisively.

http://www.networkworld.com/article/2459761/antivirus-products-riddled-with-security-flaws-researcher-says.html

Regards

Ashish.
batye,
User Rank: Ninja
8/3/2014 | 12:33:58 AM
Re: Ah, we've seen this movie before
Yes, it is like an arms race during the Cold War... as these days nothing is secure...
batye,
User Rank: Ninja
8/3/2014 | 12:36:00 AM
Re: Ah, we've seen this movie before
These days Co. try to spend less but get more... or pretend they are getting more... paying in the end with security holes...
SachinEE,
User Rank: Ninja
7/30/2014 | 1:08:38 PM
Re: ah, we’ve seen this before
If you are still using IoT then I guess you have yourself to blame because I am very sure that something bad is going to happen to you. This has been said like a million times and I just don't have better words to warn you. Thank you for this great article.
BrianRay,
User Rank: Apprentice
8/7/2014 | 9:04:07 AM
Security from the start
I think the real key is designing security in from the very beginning. http://www.link-labs.com/blog/the-2-hows-of-iot-security

