According to IoT security solutions company Zingbox, IoT is only going to get larger with 7 billion new devices added by 2020. As devices evolve, threats will evolve as well. There was a study conducted by Hewlett-Packard that found that “70 percent of Internet of Things devices are vulnerable to attack.” These vulnerabilities have been exploited by hackers in big ways, for insecure Internet of Things devices not only compromise homes and enterprise, but also put our government agencies and industrial plants at risk.
Although it takes a lot of work to fully secure devices from hackers, here are some relatively simple things IoT companies can do to improve their security.
#1. Password authentication
Seems obvious right? However, one of the most common ways connected devices get breached in the first place is that there are people who do not think to change the default password. There are websites that expose this security flaw by hosting live streams of these devices (as you can see in the picture above).
IoT device companies not only need to provide users with the option to change their password, but they need to make it an essential part of their onboarding flow. Requiring first-time users to change their default password would protect devices drastically.
IoT developers can take this a step further by requiring a two factor authentication through the user’s smartphone so it will make it even harder for hackers to get in.
#2. Visibility of connected assets
There are network administrators who aren’t aware of all the connected devices on their network. Using the medical industry as an example, administrators might be able to see other computers perhaps, but they might not be able to see the other connected devices such as blood pressure monitors or weight scales.
Not being able to keep tabs on all your connected devices makes it prime for hackers to exploit the relatively low security protections for these devices. IoT companies need to find a way to program these devices to be visible for administrators to keep tabs on their network.
#3. Make it easy to install new security patches
With many the existence of smart thermometers, smart door bells, and even smart window blinds, the life cycle for an IOT device is a lot longer than your typical computer or phone.
Within this lifespan, there will be new security threats and exploits that arise, so IoT companies should make devices that can adapt accordingly. One way to do this is to build devices with a standard OS so security software can be installed easily and remotely.
#4. Use less permissions
When you’re installing a new smart device, not only are you trusting it to function, you are also trusting it with permissions like access to your information or your camera. It is important for IoT devices to only ask for the permissions they need. Maybe my fridge doesn’t need to know my location. Excess permissions just adds one more thing for hackers to access on your network.
#5. Threat detection
Last but not least, IoT companies should build their devices to know when someone is attempting a security breach in real time. They should know how many attempted logins occurred. There are administrators responsible for these connected networks that have no idea when and where these security threats are occurring.
The growing demand in the Internet of Things shows the consumer market’s eagerness to turn their home into a smart house. However, this has led to the release of some devices with glaring vulnerabilities. Companies entering this industry need to be cautious of potential security threats and build their devices accordingly.