IoT security under scrutiny as Apple looks at smart home system

The security issues around the emerging Internet of Things (IoT) technology are taking centre stage, as Apple reportedly prepares to introduce its 'smart home' system and Google is rumoured to be considering new acquisitions to round out its web-enabled home device offering.

The emergence of the IoT could lead to the biggest security threat to the IT landscape, according to Armando Dacal, Australia and New Zealand regional director for enterprise security provider, Palo Alto Networks.

According to Dacal, governments, enterprises, and standards organisations will need to work together to establish security regulations suitable for the IoT phenomenon.

"This year's buzz is all about the IoT, which is made up of everyday devices that are IP-enabled, that can communicate over the internet and transmit what may be very important and confidential data. There are now more 'things' connected to the internet than there are people on Earth," said Dacal.

"Massive numbers of devices means a myriad of ways to target an organisation. In fact, IDC projects the number of IP-enabled devices will reach 212 billion installed devices by 2020. That's an enormous number of devices that will form networks, communicate with other devices, and share data.

"The biggest barrier that remains will be regulation around privacy of the data collected by devices, how it used and shared. This will likely require the cooperation of enterprises, governments, and standards organisations before we can fully tap into the true potential of IoT," he said.

Dacal's comments come as rival mobile tech giants, Google and Apple, work to strengthen their IoT offering, with Google acquiring web-enabled home sensor device maker, Nest Labs, for US$3.2 billion and rumours this week of talks to buy out cloud-enabled security camera manufacturer, Dropcam.
Apple is also on the move, with the company reported to be planning to introduce a 'smart home' concept at its Worldwide Developers Conference in June, according to the UK's Financial Times. The company is expected to showcase a system that allows users to control lights, appliances, and security systems with their iPhones.
Given Gartner's estimate that the IoT market will encompass around 26 billion individual devices by 2020, security is set to become one of the principle challenges as the new technology emerges.

"The enormous number of devices, coupled with the sheer volume, velocity, and structure of IoT data, creates challenges, particularly in the areas of security, data, storage management, servers, and the datacentre network," said Joe Skorupa, Gartner vice president and analyst, in March. 

The importance of IoT security was highlighted in late April when a hacker infiltrated the web-enabled Foscam baby-monitoring camera of Ohio couple, Heather and Adam Schreck. The unknown hacker had commandeered the baby monitor, broadcasting his voice through the unit and controlling its physical movements.
The security breach followed a similar WiFi-enabled baby monitor infiltration in August last year that saw a hacker obtain access to, and control of, a baby monitor camera belonging to a family in Houston, Texas. Again, the hacker was able to broadcast his voice through the monitor. And, once again, it was a Foscam monitor.

IoT security is getting plenty of attention from the world's largest mobile phone manufacturer, Samsung, which is reportedly pumping money into developing IoT security as one of its key future technologies, according to South Korea's Yonhap News Agency.

Palo Alto Network's answer to the emerging security issues surrounding the IoT landscape begins with a list of best practices for organisations to follow if they want to secure IoT devices from attacks:

1) Identify and manage IoT devices by protecting them and controlling access to the data.

2) Understand and identify which types of devices are part of the IoT. Similar to mobile endpoints, the information about the devices could be used in making decisions to protect the device, or its state could be used in making decisions to protect the device and control the data. For example, a device that has malware can be blocked from accessing the IoT network.

3) Protect devices against a spectrum of threats, including exploits and new, unknown forms of malware. The protection of these IoT devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist, and the limited endpoint security functions that can be supported.

4) Secure data and application access by using the Zero Trust principles of least privilege access with granular segmentation.