Internet of Things (IoT) security issues are frighteningly common—the Urgent11 security flaws, as well as reports of data leaks from Orvibo Smartmate, Amcrest IP camera, and others have led to an IoT security crackdown by the UK government.
For end users, particularly, securing IoT devices can be particularly difficult—many devices have no obvious interface for applying firmware updates, as the process is (theoretically) handled automatically, while configurability options are limited, if present at all. Likewise, manufacturers scarcely disclose clearly, upfront, the expected lifespan of an IoT device, and disabling devices which have reached end-of-life would lead to irate customers.
SEE: Mastermind con man behind Catch Me If You Can talks cybersecurity (free pdf) (TechRepublic)
An initiative from the Georgia Institute of Technology grades the security of IoT devices on four rubrics—device, mobile, cloud, and network. While it’s practically impossible to evaluate the tens of thousands of IoT devices on the market, the project aims to “help consumers understand important issues before connecting a new IoT helper to their home networks,” according to a press release.
The project, YourThings.info, provides rankings for 45 items at present, though 74 have been evaluated to date. The rubrics check for potential vulnerabilities in internet pairing behavior, configurability, upgradability, services exposed on the device, and known vulnerabilities, as well as data handling, domain usage, certificate handling, use of network protocols and encryption schema, and susceptibility to man-in-the middle (MITM) attacks, among others.
“The home network is beginning to look a lot like enterprise networks with a range of services that have to be protected,” Chaz Lever, a research engineer in Georgia Tech’s School of Electrical and Computer Engineering, said in a press release. “The average consumer is not going to be equipped to do that. They don’t have an IT staff that is doing audits and securing the devices. If these devices are not secure out of the box and there aren’t easy ways to secure them, they can open the home up to a new vector of attacks.”
For more, check out “Top 10 IoT security risks for businesses,” “3 main inhibitors to IoT adoption in the enterprise,” and “How risk management can help secure industrial IoT and big data” on TechRepublic.