IoT Security: Who’s Really Responsible


Children love technology, but whose responsibility is it to make sure that they stay safe while using it?

With literally billions of applications and devices communicating, security on the Internet of Things is a huge issue, and identity theft is only the beginning. Imagine someone hacking into your baby monitor and spying on your toddler (it has happened) or someone taking control of your home automation system (yup, that’s happened too).

In both of these stories, the issue was a defect in the application. The home automation company didn’t password-protect access and ultimately went out of business. The baby monitoring company did issue an update to the app to prevent similar hacks but did not have contact info for consumers who purchased the product from third-party retailers.

DDoS attacks are another threat to the IoT. In a survey conducted by The Stack, 80% of businesses employing IoT devices had experienced a DDoS attack.

Manufacturer and Developer IoT Security Responsibilities

There is no question that the first line of defense should be with devices and apps. As developers and manufacturers clamor to get their products into the booming market, it’s important that they take the time to make their products as secure as possible. Secure password protection, encryption, constant threat monitoring, and access to end users when security updates are required are all integral to IoT security.

The Federal Trade Commission (FTC) has published a document with security recommendations for developers and manufacturers.  Internet Service Providers can also help to ensure IoT security.

Provider IoT Security Responsibilities

As we’ve discussed, DDoS attacks can be devastating for business; they can also interfere with consumer IoT apps and devices. Providers should employ DDoS protection at the very least. Some ISPs will even pre-configure Wi-Fi passwords so that networks aren’t left open and do not depend on the customer to set them. Ideally, the provider’s network and in-home hardware should also employ antivirus/anti-malware and firewalls to help protect against hackers.

Consumer IoT Security Responsibilities

Last but not least, buyer beware!  Given the myriad IoT options, it is also the consumer’s responsibility to be smarter than their smart devices.  A couple of obvious steps one can take are:

  • Establish strong passwords and a secure home network.
  • Make sure the manufacturer or developer can contact you.

Being reachable is not an issue when purchasing direct, as the seller will likely require at least an email address from you. When purchasing from a third-party vendor, it is very important to either register with the warranty card or go to the manufacturer’s or developer’s website and register the product or app purchased.

The Online Trust Alliance has created a detailed IoT security checklist for consumers. With tips on privacy and security, this is a must-read. The checklist also provides a website to visit for updates to the recommendations.

IoT security is a moving target due to the phenomenal growth of the industry itself.  The only way to ensure a safe and open Internet is for everyone to provide security to the extent that they can.  With emerging guidelines from the FTC and the FCC, two out of the three entities will have standards to meet.  Even with these standards, consumers STILL have to do their part.