A recent announcement from Consumer Reports, an influential US group that conducts extensive product reviews, suggests that they are gearing up to start considering cyber security and privacy safeguards when scoring products. IT security experts from LogMeIn and Allot Communications commented below.
Ryan Lester, Director Of IoT Strategy at Xively by LogMeIn:
Moshe Elias, Director of Product Marketing at Allot Communications:
The problem with the consumer IoT industry is that emphasis is made on functionality which is natural, but none on security. These “things” or devices, are a security backdoor. A wifi connected doorbell is “not interesting” in itself, but if it stores the Wi-Fi password in cleartext a hacker can use that to access all the household connected devices, alarm systems computers etc.
The security solution, however, needs to be layered, and centered around a network based security system that is delivered by a capable operator. Just as every smartphone and computer have vulnerabilities, so will IoT devices and these require an additional layer of security – in the network.
Device ranking will not guarantee that devices become un-hackable. Protecting access and validating data on a device-by-device basis is not a sufficient solution. Most devices are closed systems and don`t allows installing any security client software or any software after shipping from the factory and even if some devices allow that, this approach requires investment and scalability, and continuous maintenance needed to ensure devices are controlled. A more reasonable approach is a comprehensive solution delivered from the CSP network (network-based) security solution, that unifies all security function needed to control any device (whether an IoT device or mobile handset) and provides a simple, scalable way to protect the network with a growing number of connected devices.”