Three things every IoT manufacturer should do to improve security

There’s no question that the Internet of Things is the new security battleground. Internet-connected webcams, HVAC systems, cars, TVs, watches, printers and more are giving people more use out of their devices. But these devices also open doors to hackers who want to steal corporate data, lasso thousands of devices into botnets that can launch DDoS attacks, or even set off Dallas’ 156 emergency outdoor sirens.

When it comes to security, corporations are struggling to keep up with the speed at which problems evolve. For example, a researcher with Google Project Zero recently discovered a flaw in Broadcom Wi-Fi chips that could allow someone to remotely execute code on affected iPhones, Nexuses and Samsung devices just by being in their general vicinity. Another researcher found 40 zero-day vulnerabilities in Samsung’s Tizen operating system for smart watches, phones, and TVs — he said the code may have been the worst he’s ever seen.

Meanwhile, a new version of the Mirai botnet was recently discovered to be capable of launching application-layer attacks, not just DDoSing websites, and turning large swaths of the internet dark.

To combat these issues, companies are constantly inventing new solutions. For example, a new Microsoft project, dubbed Sopris, is aimed at solving some security issues with IoT by redesigning Wi-Fi microcontrollers. And while efforts like this help, more must be done within corporations to address the IoT security problem in a scalable way.

How? Here are three things companies making IoT devices should do to improve the security of their products:

#1: Be accountable

Many companies developing IoT products aren’t technology companies, so they don’t necessarily design products with security in mind, or know the best practices to ensure security. Vendors getting into the IoT market must realize that their devices will have vulnerabilities and that connecting them to the internet increases the likelihood the devices will be attacked or used in attacks. If companies sell products without acknowledging this reality, they have already failed, and are putting not just their customers at risk, but the internet as a whole.

#2: Automatically update

Products that don’t have a way to automatically update are sitting ducks.

For instance, the moment they left store shelves, devices vulnerable to the Mirai botnet were effectively at the end of their life — there was no way to update the devices or to fix the vulnerabilities, so the only option owners of affected devices had was to buy a new device. Device recalls are expensive, so providing a way to update the device is essential in avoiding instant obsolescence, which turns customers off.

Even Windows XP, which had a 10-year life cycle, shipped security patches to customers to install manually. Microsoft planned for customer support and maintenance, like employing more security engineers, over the long run and factored that into the upfront costs or subscription.

In the same vein, Nest charges $10 a month for upkeep services, which enables it to make one of the most secure IoT devices on the market.

#3: Embrace disclosure

IoT device manufacturers must also make it easy for ethical hackers to report vulnerabilities to them. Companies should have a vulnerability disclosure process with an easy-to-find email address or web form to which to send bug reports. If they want to encourage more security scrutiny to help them find and fix bugs, companies can also set up a bug bounty program that compensates hackers for reporting vulnerabilities.

No product is immune to bugs, and given how widespread IoT devices have become, and how vulnerable they are to hacking, it’s essential for companies that make IoT devices to take all the precautions necessary to ensure that people’s privacy is as protected as possible.

Michiel Prins
Editor

Co-founder of HackerOne
