With 2014 being dubbed as the year of the ´Internet of Things´ (IoT), what are your major concerns regarding the security & privacy issues that consumers face now, and potential problems they could have in the future?
You’re sitting at home, watching some Disney movie with the kids when suddenly a Miley Cyrus wannabe appears on the screen, twerking away.
You are stunned, of course. How could this happen? The remote is way over there, no one’s touched it and your WiFi network password is so complex even you have a hard time remembering it.
Welcome to the Internet of Things.
You might be thinking that’s just not possible, but I’m sure fans of Star Trek in the 1960s didn’t think most of that technology was possible either.
Most organizations worry about protecting their networks and data (which is really your data but I don’t have enough space to go into that right now) and applications. The Internet of Things will mean they also need to worry about the security of the devices and applications they communicate with – both directly and through third-party apps.
While you can of course turn off the TV things get a bit more murky when you consider other things, like cars. Right now the APIs made available (and that’s important to note, made available to developers does not mean there aren’t more that are ‘hidden’) are limited to pretty innocuous functions involving GPS and music and communications. But cars today are complex mechanical and digital beasts, driven as much by computerized components as they are by piston rods and axles. The consequences of a security ‘mistake’ are far greater than having to replace someone’s debit card.
So if you’re delivering data to a car, do you have an extra measure of responsibility to ensure the integrity of that data? To ensure that no one uses the trust placed in your service to deliver malicious content that may wind up infecting the car and impacting its core functions? If you’re collecting location data, do you take extra steps to insure others can’t get their hands on it?
If your “things” integrate with your service via an API (and they probably will), are your services able to distinguish between a car and a refrigerator? A toaster and my six year old? How do you, as a provider, ensure the integrity of third-party developers who use your APIs to build “apps” for my appliances, my devices and my car?
The Internet of Things is going to bring a plethora of challenges to the table, not the least of which will be an extension of responsibility to not only protecting the data collected from consumers from various things, but protecting the channel through which it is delivered – your APIs.
The Internet of Things is, just below the surface, an ever increasing web of interconnected APIs. Statistics say we haven’t done the best job at protecting applications from even the most basic of attacks. We’re going to have to do a lot better with securing and authorizing use of APIs if we’re going to make sure no one turns off your refrigerator next week and leaves you with a gallon or two of sour milk.
Lori MacVittie | F5, Sr Product Manager | @lmacvittie
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.