PSA: The "S" in IoT is for Security

Since this is an IoT product it seems prudent to address the topic of IoT Security. Having said that, the “S” in IoT stands for security! What’s that you say? There’s no “S” in IoT? Well, that’s true… and there’s no security in IoT either.

IoT devices are typically made by companies with a very purpose-driven product. Whether it be connected cameras, scales, watches, light bulbs or even sex toys, those companies make them to fulfill market demand in their respective market space. What does that mean? In most cases they make IoT devices that are somewhere between “meh” and “great” that do a specific function. They make the best damn connected waffle maker you ever laid eyes on.

So you ask yourself, “what’s missing then Mr Random Interwebz hacker man?” Security I tell you! You see, when IoT manufacturers decide to make a product they focus on four things:

  • Cost – You need to make the product as cheap as possible to maximize profit margins. They make money by volume and RMR. The cheaper they can make product the more profit. It’s basic math.
  • Time to market – How fast can we sell the items? The faster you get to market the faster you get money, fanboys, etc.
  • Cost – Same as above…
  • Time to market – just kidding they really usually care most about those two things.

How do we get down costs? There are a few things:

Development: Engineering is expensive. You can go on the Google machine 24/7 and find dozens of well-used embedded Linux/Android builds designed to be put on a PCB like butter on toast. Just because developers adopt these platforms doesn’t mean they understand them. Remember these fellows are interested in making great toast, not updating libraries, patching vulnerabilities, etc.

Manufacturing: In most cases we rely on our friends to the East. As luck would have it, Asia has a lot of experience in manufacturing cheap electronics. They also have the capacity to mass produce our new IoT stick of joy. This in part takes out the ability for IoT companies to control their own supply chain or the quality of their product in large.

It is true that larger companies who produce product such as Amazon, Nest, etc. DO spend a lot of money on not just improving their hardware but hardening it as well. That costs money and as such, so does the hardware.

So what’s the point? Hate to be the bearer of bad news but IoT security is the responsibility of the beholder. If you plan on putting arbitrary black-box hardware on your network you should understand what it was made for and the risks. There are things that should be done such as creating a dedicated network space for such devices, using antivirus that has heuristic detection, etc. If you don’t, you’ll undoubtedly find an IoT device owning your stuff like Ric Flair (WOOO!).

If you can afford a $1,200 shiny new idevice you can afford a good router and firewall. IoT is a lot like getting in your car and driving around. It’s crazy out there, make sure you buckle up!


MOD NOTE: Post edited to conform to the Community Guidelines.

4 Likes

You’re on a roll. Good stuff.

1 Like

@WyzeJasonJ so “t * rd” and “cr * p” are now profanity?! You mods are so silly.
