The current state of IoT security is “scary”, says Mike Nelson, VP of IoT security at PKI provider DigiCert, with 98 per cent of IoT data traffic being unencrypted. The three most common IoT vulnerabilities are lack of proper authentication, lack of data protection (98 per cent unencrypted, remember?) and lapses in data integrity (making sure those often-unencrypted data packets haven’t been altered in transmission).
Disturbing news for the reliability of IoT devices that help keep emergency services, healthcare providers, businesses and ordinary people connected: nutjobs are blaming them for causing COVID-19 infections. The baseless rumour has high-profile proponents such as actor Woody Harrelson, who is most famous for playing an idiot.
Researchers at Carnegie Mellon University have developed an IoT opt-out app. The IoT Assistant app (for iOS and Android) will, they claim, inform you of internet-connected devices around you and tell you what type of information those devices are collecting. The idea is to allow users to control access to their data and to allow owners of those internet-connected smart devices to comply with privacy regulations such as the GDPR and CCPA.
The journal Nature has identified the IoT as an enabler of essential research, saying “the proliferation of the IoT (e.g. devices and instruments) in hospitals and clinics facilitates the establishment of a highly interconnected digital ecosystem, enabling real-time data collection at scale, which could then be used by AI and deep learning systems to understand healthcare trends, model risk associations and predict outcomes.”
Insurance market Lloyd’s sees great potential in using IoT devices to monitor and report information back to insurance organisations, whether it’s monitoring a house for water damage or gathering data at every step of the supply chain to better assess risk. Better accuracy, reduced costs and less fraud are seen as potential benefits.
Applications in healthcare will become a greater priority for IoT developers in the wake of the COVID-19 pandemic. That’s the conclusion of Achim Granzen, principal analyst at market research firm Forrester. The ad hoc applications coming into play now will, when there is time for greater insight and analysis, form the basis for future development.
Sonos, the manufacturer of premium smart speakers, illustrated a problem that will likely face many IoT companies as products approach end of life. Sonos declared no further software updates for older hardware and, if users added new Sonos hardware to their existing networks, those devices would also not get updates if older speakers were attached to the same network. It then offered users a 30 per cent discount to upgrade to new hardware that bricked the old hardware. Much backpedaling followed.
With many IoT devices found to be lacking in security, is it now time to consider making changes to improve security? Even if that means making it more difficult to use these devices, which have always been sold on their convenience and ease of use? What level of IoT attacks is acceptable?
Wi-Fi power requirements have generally meant IoT devices need large batteries, frequent charging or a power cable plugged into the wall. Now, a new ultra-low-power Wi-Fi radio developed by electrical engineers at the University of California San Diego could change that. It requires just 0.02 per cent of the power of a typical Wi-Fi chip. New uses and smaller devices await.
Workers new to remote working, pressed into carrying on their duties from home without full planning and preparation, may be putting organisations’ whole networks at risk by using vulnerable IoT devices. This is true whether they’re relying on those devices to work from home, or simply using such devices on their home networks.
Follow us on Twitter – @ColContent