An Internet of Things 'crime harvest' is coming unless security problems are fixed

A senior police officer says IoT manufacturers must be held to account when their products open doors to new ways of committing crimes.
Written by Danny Palmer, Senior Writer

Video: The Internet of Things must be futureproofed

Internet of Things product manufacturers must get their act together and secure their devices or they risk creating new ways for wrongdoers to commit crimes, a senior police officer has warned.

"All new technologies, all changes in the way that society is ordered -- particularly if it is technology -- always has a crime harvest. So, when cars were invented, people started drink-driving and stealing cars and it's exactly the same with the Internet of Things," said chief constable Michael Barton, head of the Durham Constabulary.

"The issue here is not they are being stolen, but that they are being used as the mechanism by which people can commit crime," said Barton, interviewed in a new report on Internet of Things security by F-Secure.

While there are benefits from the Internet of Things in homes, workplaces, industry, transport, and more, the rapid proliferation of connected devices has often appeared to come at the cost of cybersecurity.

See also: What is the IoT? Everything you need to know about the Internet of Things right now

There are many examples of security vulnerabilities in IoT devices providing opportunities for hackers to break into systems, ranging from children's toys to industrial control systems. The race by companies to be the first to market with IoT products often means they fail to implement even basic security measures in their products.


Internet of Things devices in the home are opening up new doors for hackers to break into networks and steal data.

Image: iStock

As IoT devices are connected to a home or corporate network, they can easily provide a pathway for hackers to gain access to other systems and personal data.

"If your fridge is connected up to your local supermarket so that it can order things when they are needed, then it's going to be connected to your bank account and it's that, that is the worry. That all of these devices, none of which are seen as that threatening or that necessary to protect, become the open back door," said Barton.

IoT devices are already common and soon it's likely almost every household device may be internet-connected by default -- because, for many of the companies building IoT products, the more data they can collect, the better, especially when embedding chips into objects is cheap.

"Eventually, almost every household device will be online, and they will largely be invisible to the end user as a smart device. They will look like dumb devices, but they will be smart devices. However, they won't offer any features to the consumer because the real reason for them to be online will be for them to report analytics to the company that built the device," said Mikko Hypponen, chief research officer at F-Secure.

While the public should be taught about the security risks about the Internet of Things and provided with advice on how to secure devices, for Barton, it's IoT manufacturers which need to take responsibility for securing products.

"You can't sell toys with pins in them so that children are blinded. You can't sell cars where the brakes work intermittently. Nor should you be able to sell something on the IoT that allows people's bank accounts to be emptied," said Barton.

See also: Your forgotten IoT gadgets will leave a disastrous, toxic legacy

ENISA, the European Union's cybersecurity agency, is already working towards legislation around the Internet of Things, but nonetheless, there are still major risks associated with millions of devices which are already in use -- many of which could be installed and easily just forgotten about by users.

"Bottom up and top-down approach is the best way for the technology industry to move forwards responsibly with the confidence of the public behind it," said the report.

Recent and related coverage

Security flaw in LG IoT software left home appliances vulnerable

LG has updated its software security after researchers found flaw that left dishwashers, washing machines, air conditioners, and even a robot vacuum cleaner accessible by hackers.

How IoT network standards can influence security

Chris Penrose, president of IOT solutions at AT&T, explains the security factors that influenced AT&T's decision to deploy LTE-M networks.

Security flaws in children's smartwatches make them vulnerable to hackers

It's another IoT security flaw - attackers can hack smartwatches to monitor the wearer's location, eavesdrop on conversations or even communicate with the child.


Editorial standards