The Internet of Things (IoT) has made our lives more convenient in all kinds of ways but, as anyone involved in security will know all too well, convenience can come at the expense of security. In some contexts, this does not really matter, but when it comes to home security, it can matter a lot.
There is no shortage of evidence to support the assertion that cybercriminals are exploiting connectivity, even in the commercial environment and even with companies that are of sufficient size that you’d expect them to have the resources to be able to manage the Internet of Things capably. For example, there is a well-publicised instance of a casino having its “high-roller” database stolen after hackers gained entry to its internal systems via a thermometer in a fish tank in the lobby, the presence of which had simply been overlooked by its IT security team.
The average home does not have an IT security team, in fact, the average home may be filled with people who really don’t have much of a clue about how technology actually works, even if they happily use it every day. It is therefore hardly surprising that there have been periodic media articles highlighting the dangers of connected devices, particularly baby monitors.
Even though some of these articles may have been somewhat sensationalist, the underlying point was and is valid; the Internet of Things can indeed be a security threat, especially when connected devices are used by people who don’t really understand IT security.
Up until recently, manufacturers of connected devices could, at least legally, take the view that their job was to provide functionality and it was down to the end-users to take responsibility for ensuring the security of the devices once they were in place.
This approach, however, is starting to change as a result of pressure from various interested parties. In the UK, for example, the government has introduced a voluntary code of practice for device makers and while this is not legally enforceable, the reality is that if device manufacturers do not comply, there is a distinctly likelihood that the government will take steps to make it legally enforceable. The U.S. state of California has gone a step further and has already passed a law requiring makers of electronic devices to use strong passwords from 2020 and, as part of this, each device they manufacture must be given its own, unique password.
Perhaps the most effective pressure, however, has come from consumers themselves. They may neither understand nor care exactly how these devices work, but they do care about the security of their homes and they may turn away from IoT home gadgets if they feel that the convenience of smart devices does not justify the security threat involved with using them.
People’s wariness at new IoT devices that take the place of, for instance, a front door key or a physical thermostat will only dissipate if manufacturers take the lead on guaranteeing (as far as such things can be guaranteed) that their safety and security will not be compromised and that their new, 21st century devices will benefit their lives, not fill them with new stresses.