The Internet of Things is set to be the world’s biggest innovation yet. The convenience that will bring is the stuff of Sci-Fi movies.
Imagine being able to control the lighting in your house from your car so that you get home to ambient lighting, or being able to switch off the heating system you forgot to switch off when you were leaving the house. The IoT is making all kinds of automation possible through the internet.
Unfortunately anything connected to the internet inherently places itself at the mercy of hackers. That is especially because the IoT is not made with security at the head of innovation. Commercial companies are looking to create convenience for the end user without paying attention to the risk that that places the consumer.
One of the biggest risks associated with the internet of things has to do with managing access. Access goes two ways because there is access to the device for control as well as access to the data because of the need to monitor the usage as well as any bugs that the device might have.
Now access to these tow has to be managed. Experts on the IoT say that there are at least four authorizations for access that are needed in any IoT device. These include the user, the vendor, the technicians as well as a varying number of other users.
A lighting system will for example be accessed by the people who live in a home as well as other parties like technicians. That is in addition to data that is collected by vendors and which might be sold to other interested parties like marketers. Access has levels to it.
Taking the example of the lighting system one can determine that the technicians will have lesser access than the home owner. The setting of these access levels has not been fully set up in the rush to get to commercial production.
Now, if a hacker was to gain access to the control of the lighting system then he can hold a family hostage in their own home. If a hacker was to gain access to data from the lighting system then he can collect enough information such as when the family sleeps and sell that to other criminals, for example.
The observation is that there needs to be a relooking of the security when devices in the IoT space are being built. Failure to do that might result in a big security nightmare for users.