The Internet of Things (IoT) is a hot technology with consumers. The idea of a fully connected home, and the convenience and comfort that provides, is too good to resist. ABI Research predicts the global smart home market alone will reach $123 billion by 2022.
Whether it’s improving the physical security of your home with smart locks, enjoying a better driving experience through the technology embedded into your car, or automating your home through the devices that are coming from the likes of Google, Apple and Amazon, IoT provides plenty of opportunities to improve your home through technology.
Unfortunately, hackers see IoT as an opportunity, too. Security vendor, Symantec, said in its recent annual security threat report: “Targeted attack groups increasingly focus on IoT as a soft entry point.” It previously reported that, in 2018, attacks towards IoT had increased by 600 per cent year-on-year.
As far back as 2014 there have been horror stories of hackers accessing home baby monitoring cameras, but perhaps the best recent example of the potential risk posed by hackers targeting IoT is when Chinese researchers from Keen Security Lab remotely took control of an electronic car.
How Microsoft is solving the IoT security problem
One of the biggest problems IoT device manufacturers face is that security needs to be handled differently compared with the security software and hardware developed for computers.
“It’s an entirely new challenge. If you think of traditional IT and mobility management scenarios where there’s well defined approaches to data protection and access management, coming to IoT, where those methods don’t apply, it is an entirely new world.” Danielle Damasius Principle PM, Azure Sphere, Microsoft, said. “With IoT you’re looking at devices that are always on, unmanaged from a traditional sense and unattended in a lot of cases, so often there are not many indicators a device has been compromised – there isn’t the traditional watchdogs in place.”
Solutions around IoT security need to come from the hardware manufacturing end. With so many devices in production, and no unified platform for IoT security to operate on, manufacturers have previously been left to their own security practices. By the time the end-user has a few IoT devices in their environment, security has become a patchwork of differing standards provided by a wide range of different vendors that have vastly different levels of resourcing available to provide security. Hackers only need to find one vulnerability to gain access to the organisation’s network – and such an environment is ripe for finding weaknesses. It is why IoT is seen as a “soft target.”
As a result, Microsoft has developed Azure Sphere to create a highly secured IoT devices.. A Linux-based embedded OS and cloud service specifically designed for IoT devices, Azure Sphere addresses the most critical challenges facing IoT by presenting a uniform platform for security that all device manufacturers can access.
Manufacturers implement the Azure Sphere platform onto their devices, and can then rely on the built-in security provided by Microsoft’s security practice. Connected to the cloud, Microsoft brings its considerable weight in security to provide failure reporting to identify threats and automatic updates to addressvulnerabilities as they are revealed.
IoT security best practices
While IoT does offer consumers a rich new world of connectivity, people will stop using the devices if the security risk escalates. And the reputational damage to IoT device manufacturers that offer insecure products will be severe – as irritating as it is having ransomware pop up on your computer, the thought of a hacker using your home electronics to spy on you at home is far worse.
“Foundationally, we believe that when you start building devices you should immediately have security in mind,” Damasius said. “Azure Sphere is designed to make it easy and affordable for manufactures to build renewable security into their devices from the outset.”
Microsoft also has a network of hardware and design partners that it works with to help other partner manufacturers build security into their devices.
“Some manufactures in IoT still think they can solve for security later,” Damasius said. “No manufacturer sets out to make insecure devices, of course. Nobody wants to be the one with the botnet refrigerator. But if they’re not being proactive about security from the outset, then they are unintentionally being insecure and putting their brands and customers at risk.”
IoT will boost efficiency and productivity in businesses and at home. Manufacturers want to capitalise on that, and it won’t be long until connectivity is expected when purchasing a device. However, security concerns with IoT provide a real reputational risk for organisations, which is why it’s important the industry moves to a unified and co-ordinated approach to security as quickly as possible.
For more information on IoT and security, don’t miss Danielle Damasius’ presentation at the IoT in Action event in Sydney on March 19. Register to attend here.