Video: The Internet of Things must be futureproofed
Internet of Things product manufacturers must get their act together and secure their devices or they risk creating new ways for wrongdoers to commit crimes, a senior police officer has warned.
"All new technologies, all changes in the way that society is ordered -- particularly if it is technology -- always has a crime harvest. So, when cars were invented, people started drink-driving and stealing cars and it's exactly the same with the Internet of Things," said chief constable Michael Barton, head of the Durham Constabulary.
"The issue here is not they are being stolen, but that they are being used as the mechanism by which people can commit crime," said Barton, interviewed in a new report on Internet of Things security by F-Secure.
While there are benefits from the Internet of Things in homes, workplaces, industry, transport, and more, the rapid proliferation of connected devices has often appeared to come at the cost of cybersecurity.
There are many examples of security vulnerabilities in IoT devices providing opportunities for hackers to break into systems, ranging from children's toys to industrial control systems. The race by companies to be the first to market with IoT products often means they fail to implement even basic security measures in their products.
As IoT devices are connected to a home or corporate network, they can easily provide a pathway for hackers to gain access to other systems and personal data.
"If your fridge is connected up to your local supermarket so that it can order things when they are needed, then it's going to be connected to your bank account and it's that, that is the worry. That all of these devices, none of which are seen as that threatening or that necessary to protect, become the open back door," said Barton.
IoT devices are already common and soon it's likely almost every household device may be internet-connected by default -- because, for many of the companies building IoT products, the more data they can collect, the better, especially when embedding chips into objects is cheap.
"Eventually, almost every household device will be online, and they will largely be invisible to the end user as a smart device. They will look like dumb devices, but they will be smart devices. However, they won't offer any features to the consumer because the real reason for them to be online will be for them to report analytics to the company that built the device," said Mikko Hypponen, chief research officer at F-Secure.
While the public should be taught about the security risks about the Internet of Things and provided with advice on how to secure devices, for Barton, it's IoT manufacturers which need to take responsibility for securing products.
"You can't sell toys with pins in them so that children are blinded. You can't sell cars where the brakes work intermittently. Nor should you be able to sell something on the IoT that allows people's bank accounts to be emptied," said Barton.
ENISA, the European Union's cybersecurity agency, is already working towards legislation around the Internet of Things, but nonetheless, there are still major risks associated with millions of devices which are already in use -- many of which could be installed and easily just forgotten about by users.
"Bottom up and top-down approach is the best way for the technology industry to move forwards responsibly with the confidence of the public behind it," said the report.
Recent and related coverage
LG has updated its software security after researchers found flaw that left dishwashers, washing machines, air conditioners, and even a robot vacuum cleaner accessible by hackers.
Chris Penrose, president of IOT solutions at AT&T, explains the security factors that influenced AT&T's decision to deploy LTE-M networks.
It's another IoT security flaw - attackers can hack smartwatches to monitor the wearer's location, eavesdrop on conversations or even communicate with the child.
READ MORE ON CYBERSECURITY
- How IoT hackers turned a university's network against itself
- Smart toy flaws make hacking kids' info child's play [CNET]
- Special Feature: Cybersecurity in an IoT and Mobile World
- Security flaws in children's smartwatches make them vulnerable to hackers
- How to secure your IoT devices from botnets and other threats [TechRepublic]