The interconnected network of electronically embedded objects or devices, referred to as the Internet of Things (IoT), is on the rise within both businesses and homes in the UK. It was the subject of a recent report by application testing technology firm Veracode, and the company found that it presented very real implications for personal and corporate cyber security.
During the course of researching this investigation, the IT security management specialists at Veracode looked at several devices common to the IoT – such as the Wink Relay, the Wink Hub, the Chamberlain MyQ Internet Gateway and the SmartThings Hub – with the results suggesting that users of these devices face serious risks from hackers.
Among the points raised by the report was the fact that open debugging interfaces, found with many of these devices, present opportunities for hackers to run harmful code like spyware on the devices. It was also found that weaknesses in protocols make it easy for anyone to gain access to private data, and a serious potential for harm stems from the failure of many users to follow appropriate cyber security practices.
While the report examined the dangers presented by such IoT devices within the home, the findings could also have serious implications for businesses, with many enabling their employees to use them for working from home.
Most companies, both large and small, recognise the importance of effective information security recruitment when it comes to ensuring that cyber security is managed on-site. However, it could be harder for those performing these IT security jobs to keep track of this when employees are using devices away from the main business premises. Furthermore, IoT devices present entirely new security challenges.
A security research architect for Veracode, Brandon Creighton, said that:
“It’s hard to not be excited about what the IoT has enabled and will bring in the future, although that doesn’t mean cyber security should be sacrificed in the process.”
Creighton went on to add that he felt a holistic approach to the devices making up the IoT – which also incorporates mobile and web applications, and the back-end cloud services – would be the most effective way of ensuring that cyber security is prioritised from the inception point onwards.
He concluded by cautioning that treating this issue as anything less than central would see both individuals and organisations laying themselves open to having their private data hacked.
Casey Ellis, the CEO for another cyber security firm, Bugcrowd, argues that the need for businesses to get new IoT devices onto the marketplace fast means security practices sometimes suffer as a result, while the open source components and libraries used in building them frequently have existing vulnerabilities.
The announcement by George Osborne that the government will be investing £40 million with the aim of speeding up the progress of cutting edge smart city, social care and health solutions is undoubtedly good news. However, as Veracode and Bugcrowd have shown, those employed in cyber security jobs are going to be required to an ever-greater degree, to find equally innovative solutions to the information security issues posed by the rapidly evolving IoT.
[su_box title=”About Ryan Farmer” style=”noise” box_color=”#336588″]
Ryan Farmer has worked at Acumin for the past five and a half years as a Senior Consultant and now a Senior Resourcer. With a strong understanding of the InfoSecurity industry and the latest market developments, Ryan sources leading information security candidates for some of the world’s largest End User security teams, start up security vendors and global consultancies.Ryan is heavily involved in the Risk and Network Threat forum, has a keen interest in Mobile Security and is an active blogger and InfoSec writer.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.