How IoT Devices Put Your Security At Risk
A security company for the Internet of Things (IoT) has identified 33 vulnerabilities in open source code among various devices. This is just a snapshot of what experts think is a growing problem with few government regulations in place.
In 1999, then-Procter & Gamble Assistant Brand Manager Kevin Ashton coined the term "IoT" in Cincinnati. The idea of having devices talk to one another, to people and to the environment wasn't new then, but the name for them was.
University of Dayton Law Professor Thaddeus Hoffmeister has written a book on the Internet of Things, as the number of IoT explodes on the market. He focuses on privacy and security issues.
Hoffmeister says the more you spend on a device the more likely it will be secure. "When you decide to make an IoT toothbrush and you've just been making toothbrushes the entire time, you never thought about how the toothbrush can be hacked, you never really put a lot of thought into that," he says. "All of a sudden you're a little bit behind the power curve."
For many businesses, security on an IoT device is an afterthought with the legal department being called in at the very end. He says they should be called in the beginning.
Use Two Different Routers
Because of the risk of hacks, Hoffmeister suggests home users connect all IoT devices to one router and phone and computer to another. "That way if these devices do get hacked you can kind of channel them into not allowing them to get into the most sensitive information," he says.
Businesses and government need to take precautions, too.
The easy access hackers had to a Florida water supply almost caused a catastrophe. Security companies say this kind of thing happens more than we know.
Hoffmeister says criminals love IoT devices because they can turn them into dummies and gain access. He says if you do nothing else, change the default password.
Who Owns Your Information?
Intellectual property rights are still up in the air for IoT.
For example, if something like an IoT-enabled milk carton in a smart refrigerator alerts Alexa and orders milk, who gets this information?
Ownership can be convoluted, says Somjit Amrit with AM Technologies.
According to Smart Industry, which quotes him, "Given that an IoT ecosystem will often have multiple stakeholders, including manufacturers, end users, third party solutions providers and even the public sector, often the situation can best be characterized as give and take."
"I hate to say it, but it (government regulation) will come about because of some incident," Hoffmeister says. He points to the hacking of a car or a medical device problem that hurts or kills somebody.
The IoT Cybersecurity Improvement Act has already passed the Senate and has bipartisan support. Will the President sign it? If passed what will it do?