At the recently held infosecurity Europe 2015, one of the hacks caught our eye. A connected Kettle was used to hack email address and contact details. The video is on YouTube and you can watch it below:
While this is fun, it also raises concerns about the security risks IoT devices can bring in give the explosion of such devises in coming future. (As per some estimates we will have over 40 billion connected devices in the next 5-8 years) And this is all the more alarming because it will impact enterprises and individual consumers both.
Someone stealing your identity by hacking into your Internet connected refrigerator is not science fiction any more. Activating a phishing attack through your connected sound system is also a very real threat.
And they have just started to make connected cars!!
Here are 5 Tips for ensuring a secure IoT Coverage:
1. Identify Risks- The most common IoT vulnerabilities include web interface authentication and authorization. The risks have to be identified and gaps have to pluged right from the start. Implying that you need to ask ready questions before deploying any connected device, and install only the answers are satisfactory. At least you would know your threat perimeter and if things go bad you will know where to focus on.
2. Separate Environments- Can you create a separate network for connected devices thereby creating separate environment and again if things go bad, your entire network in not impacted.
3. Regular updates- Get your IoT devices updated and pressure the vendor for continuous audit and path releases
4. Multi-tier security- You may want to create a separate or additional layer of security for access via IoT devices. It could be certificate based authentication which are randomly rotated session bases validity etc. especially with cloud access
Well, this certainly sounds like the beginning of a new line of start-ups, those which can audit connected devices and rate/score them on security.