Smart consumer devices like Smart TVs, camcorders, watches, washing machines, toasters and so on have become common place. These smart consumer devices no doubt give a better experience but the value proposition to the consumer has not reached a level where they are willing to pay a huge premium to acquire these smart devices. Hence, margin pressures result in companies trying to squeeze their expenses to make the most profit. This has resulted in a lot of cheap consumer oriented IoT devices that have been cobbled together with mostly open source software and a few additional pieces of custom software. Security is an afterthought in many of these instances. Unfortunately, this approach has made these devices easy targets for hackers to penetrate and launch attacks. This has put the larger internet operations at risk.
Recently a group of hackers embedded the Mirai malware on many cheap IoT devices (mainly cameras) to launch a Distributed Denial of Service attack on the Dyn DNS service. This resulted in service outages for a number of businesses (like Amazon, AirBnB, and many others). The reality is there are millions of these less secure connected consumer devices that are vulnerable. While making these devices secure would be the ideal way to go, there are many challenges that make IoT security a huge problem.
Some of them are:
- The processing power of many of these devices is low and limits the implementation of complex security functionality.
- Investment in security by the manufacturers of the connected consumer devices is low.
- Keeping the software on these devices up-to-date with all the security patches is a necessity. Unfortunately, most of the devices lack an easy to use or do not have a user interface to do the upgrades.
- The volume of these devices is huge thus making them easy targets for hackers.
- Most users are not going to be tech savvy. Complex operations to secure the device is not going to be feasible.
Given this scenario, we have to assume these devices are going to be easy targets for hackers. The responsibility of securing the network will fall on the service providers and enterprises to which these consumer devices will connect. While this may seem unfair they will have to do this for their own good and to avoid disruption of their businesses. Given the cost pressures that service providers are under, they may be tempted to make decisions that will curtail connected devices from getting onto the network thus killing innovation in this space.
How do we encourage innovation in connected consumer devices without overburdening the businesses or the internet infrastructure? What architectural solutions exist to solve this problem? How can the technical community help solve this problem?
My thoughts and opinions in the next blog post.
No comments:
Post a Comment