Security of the ‘Internet of Everything’
Amethyst's Mark Chown discusses why the rapid development of products and services online has become a danger to our safety and security
The proliferation of internet connected devices is running apace and the typical household is now equipped with multiple devices that are connected to and exposed to the World Wide Web.
Access to the Internet is no longer limited to dedicated computing devices such as PCs, laptops, smartphones or tablets, but extends to domestic and personal items including gaming consoles, televisions, fridges, household security cameras, heating control systems and implanted medical devices. Even Barbie has had a digital makeover and can be connected to the web to enable your child to have a two-way chat with the doll in much the same as adults speak to Siri, Cortana or Google Now.
Gartner suggests that by 2020 there could be 26 billion connected devices across the World, representing a 30-fold increase from where we were in 2009. This is all happening against a backdrop where the security of even traditional computing devices still remains a constant challenge and responses to cyber-attacks and criminality are being increasingly prioritised by companies and government.
In the hierarchy of needs, American psychologist Abraham Maslow identified safety as fundamental to our psychological wellbeing. The physical privacy, safety and security that we previously enjoyed in our homes is now threatened by the multitude of digital connections that enable access into our personal lives from anywhere in the world.
The ‘Internet of Things’ has been quickly superseded by the ‘Internet of Everything’ and whilst there are unquestionable benefits for society, it is inevitable that products and services will be developed and adopted before privacy and security vulnerabilities are properly considered and resolved.
Regular reports regarding the exploitation of connected devices have been well publicised; one alarming incident involved a couple in the US, who were shocked when a hacker took control of their baby’s CCTV monitor. Not content with simply watching the baby, the hacker also shouted a chilling ‘wake up baby’ that could be heard in the adjoining room. Many security researchers have also highlighted vulnerabilities in connected devices such as smart meters and implanted medical devices all of which demonstrate the developing risk to us all; but how do we as society and as consumers respond to this risk?
Firstly as with all technology products, manufacturers need to ensure that security and privacy is an integral part of the product development process. Security must start at the very beginning of the development lifecycle and not remain in catch-up state as is often the case.Manufacturers must also maintain a security responsibility for the device post-sale by ensuring the availability and preferably automated patching of the product firmware/software
Secondly, the security and privacy risks associated with any device whether a TV, fridge or medical implant need to be transparent to the consumer. The consumer must be told overtly and in simple language what the issues are and what they can do to manage them in line with their privacy and security expectations
Thirdly, the way in which the consumer sets and manages privacy and security settings on any device must be simple and easily manageable.Consumers should not have to search for security settings, nor be faced with a complex choice of settings.
Lastly, we as consumers of these products, must take responsibility and consider the possible privacy and security risks associated with the installation and use of a connected device in our homes. We should take care to follow the manufacturer’s advice – and at the very least change default passwords.