New Security Norms for the Internet of Things

The ear in tech started at the International CES (Consumer Electronics Show) in Las Vegas, where Amazon’s voice assistant Alexa could be found in over 30 products. That trend continued all year, with new Alexa devices hitting the shelves almost daily, and Amazon itself recently unveiling a raft of new Alexa products including Echo Spot, Echo Connect and, most significantly, Echo Plus, which doubles as a fully-fledged smart home hub. With Alexa now in so many homes, this is
an obvious next step. When tech companies first started talking about ‘internet fridges’ and other Internet of Things (IoT) devices, people laughed: who needed to go online or fumble about in an app to see if they had milk, when they could just open the fridge door? But introduce Alexa to the mix, and suddenly you can check if you’ve got milk, and order more if you haven’t, without even reaching for your phone. So expect 2018 to be the year when the IoT – Now With Voice Control!™ – finally takes off. But at what price?

Almost as frequent as Alexa product launches in 2017 were alerts about security weaknesses in IoT devices – from the Amazon Echo, to Nest security cameras, to children’s toys and smartwatches aimed at kids, which Germany has just gone so far as to ban outright. In May 2017, Daniel Coats, the US Director of National Intelligence, suggested insecure IoT devices could be used to launch cyberattacks on vital infrastructure, while a recent report by German security specialists Gemalto found that just 52 per cent of data captured by such devices is encrypted. John Moor, managing director of the IoT Security Foundation, said:

“At this point in time there are no specific regulations for IoT security, and that explains in part why we are seeing so many problems. But we’re starting to sense a consensus form around the key requirements for IoT security, and we are encouraging governments considering regulation to look hard at our expert-led work, so as to translate this into useful regulation for responsible suppliers, consumers and citizens.”

Speculations have been intact about the potential security threats that IoT might bring along with it. Much of the rapid development in IoT comes from computing devices, voice-controlled assistants and embedded sensor systems used in industrial Machine-to-Machine (M2M) communication, smart energy grids, home automation, vehicle-to-vehicle communication and wearable devices. The main problem is that since the idea of networking appliances and computing is relatively new, security has always been taken for granted in product design.(Like, in the recent #madebygoogle event, Google revealed it's flagship of Google Home devices, called Google Home Hub, which had all the features you could possibly imagine in a home automated system, but almost no key security features.) IoT products are often sold in unpatched embedded operating systems and software. To improve security, an IoT device that needs to be directly accessible over the internet, should be segmented into it's own network and have network access restricted.