Security in regards to the Internet of Things is a very hot topic. Much of the coverage so far has centered on the vulnerabilities of first-generation IoT devices, leading to unflattering headlines such as "Internet of Crappy Things."

In focus

There are a few characteristics that make these IoT devices particularly hard to protect:

  • The majority of these devices are made to be cheap and have very limited interfaces (no keyboards or displays).

  • There is the need for ease of use and installation, which usually leads to insecure defaults out of the box.

  • Resource constraints such as lower battery power and cpu speeds make it hard to use the latest security protocols.

"The good news is that these problems are being raised a lot earlier than they have been in other technologies."

These characteristics, together with the sheer number of distinct use cases for these devices, make it incredibly difficult to standardize on a single platform and get consensus on how to implement security mechanisms.

Looking ahead

The good news is that these problems are being raised a lot earlier than they have been in other technologies. The sensationalizing of security issues found in internet-enabled cars, thermostats and fridges is indeed pushing manufacturers to take these issues more seriously.

A good example of a company raising the bar for the security of IoT devices is Apple. By adding strict security requirements on their Homekit certification, they have effectively raised the bar for security and ultimately made their customers safer.

Unfortunately, maturity in the IoT field is still at least five years away. In the rush to bring new products and services to market, many companies will overlook basic security considerations such as secure software updates, authentication and access control. Until then, I'm afraid we are indeed stuck in the Internet of Crappy Things.