A recent study shows that 70% of devices connected to the Internet of Things used unencrypted network services to relay information. In the world of PCs and mobile devices, security is well addressed. But in the evolving world of the Internet of Things, the market for which will surpass the PC and mobile markets combined by 2017 according to Business Insider, devices are still vulnerable. So let’s have a look at some of these vulnerabilities so businesses have a full appreciation of what they need to watch out for as they experiment with IoT:
- Deficiency inAuthorization:
IoT devices are going to be connected by the hundreds if not thousands and it’s important that there be measures to prevent unauthorized access to them. Unfortunately a majority of the devices do not have any process in place to verify or authenticate the authority of the person accessing them. So, these devices need to have a verification process as part of their requirements to access them. - Lack of Encryption:
It is nearly unimaginable that devices that carry sensitive data like the personal information of customers and the raw data from hundreds of devices should be unencrypted. Yet, it appears that it is indeed the case – most devices converse with the organization on unencrypted networks or at least ones lacking adequate encryption. - Poor Software/ Firmware:
Software and firmware on devices of such significance should be stable and capable of handling the task assigned to them; however, it seems that they often lack these abilities. Most devices have improperly supported software and firmware and any updates required are downloaded using an inadequately unencrypted network. - Lack of Privacy:
While the concern for privacy has become universal, with PCs and mobile devices there is an adequate choice in privacy software. For IoT devices the concern is larger because of the lack of other security features. With the feeble security measures currently in place, a hacker could potentially gain access to an organization’s entire data store through a compromised device. - Weak Web Interfaces:
The web interface to access the device as well as any interface that is accessible through the device must be setup with the necessary protocols. The web interfaces of the current generation of IoT devices have one major issue – they are vulnerable to cross-site scripting (XSS). This vulnerability allows hackers to easily capture user and organization credentials for their accounts. This could potentially lead to the hacker taking over the entire site.
While these vulnerabilities do seem alarming, they are not difficult to tackle. Organizations, both those making these devices and those using them, need to pay sufficient attention to these challenges and resolve them before IoT reaches its true potential.
Kiran Veigas handles Corporate Marketing at Happiest Minds. He has 14 years of industry experience spanning various roles in Marketing, Strategy, Product Management and Product Development in IT/Telecom. His educational qualifications include Executive Management Program (GMITE – General Management for IT Executives) from IIM-Bangalore and BE in Telecommunications Engineering.