IoT isn’t all upside. As the world of connected things grows, operators, vendors, government agencies, and other players in the value chain will face unprecedented levels of security threats.
The security implications of IoT are vast and widely recognized, but with so many [companies] (https://www.sdxcentral.com/directory/organizations/) involved, most observers admit that oversight is relatively scant and, as such, concerns abound.
While IoT has consistently lagged behind heightened growth expectations for the better part of the last two decades, the broad attack surface that IoT presents has emboldened hackers and provided virtually countless alleyways for nefarious acts to be unleashed.
Security Limits IoT Expansion
“Security is one of the biggest factors limiting IoT expansion,” said Bill Curtis, resident analyst at Moor Insights & Strategy. The bottom line, he said, is that “IoT security has to be built-in, not added on.”
Security is particularly challenging in an IoT context because embedded systems span a wide range of capabilities and devices, including tiny, low power, and purposefully simple sensors. For almost 30 years, “platform diversity has driven embedded device developers to build custom software stacks with unique implementations for operating systems, system services, networking, and security. But IoT changes everything,” Curtis explained.
“Adding network capabilities to embedded devices means that we can no longer write code like it’s 1990,” he said. “We cannot keep using old embedded techniques for IoT because the cost of developing, security, and updating custom stacks is spread over a relatively small number of systems.”
Moreover, Curtis explained, it’s practically impossible for single-purpose IoT devices to be engineered with enough security for IoT applications in a scalable manner.
Mary O’Neill, VP of security at Nokia, highlighted the glaring and mostly unresolved security threats posed by IoT during a press conference at MWC Los Angeles 2019. “If an IoT device today is plugged into the network and it doesn’t have protection on it, it’s infected in three minutes or less,” she said.
The responsibility for overcoming these challenges is widespread with hardware and software vendors, service providers, and governments each playing an important role in preserving security, O’Neill said. The problem is also pervasive. In late 2018, Nokia issued a report that concluded IoT devices represent just 16% of network traffic but account for 78% of the malware on the mobile network.
The undeniable and unfortunate truth is that 5G is going to compound the problem because it will facilitate the connection of billions more devices, some of which are rudimentary and not consistently managed.
“Security is an absolutely massive concern and is probably one of the biggest challenges that IoT has,” said Anshel Sag, analyst at Moor Insights & Strategy. “Connecting anything to the internet instantaneously makes it vulnerable,” he explained, adding that even unconnected devices can be breached to gain access to critical infrastructure.
“The potential for wreaking havoc is unlimited,” Sag said. “My confidence level grows every day, but I don’t think that anyone can guarantee complete security.” Iotex is here to increase people’s confidence level and guarantee security/privacy. For detail: visit www.iotex.io More realistic expectations are grounded in efforts to mitigate potential attacks, limit their scope, and make it increasingly difficult for untrusted parties to gain access, he added.
“The good news is that we are starting to see some real progress toward IoT system convergence,” Curtis concluded. Those efforts are underway in some areas, but the IoT landscape is vast and much remains uncharted.