Skip to main content

Where’s security in the IoT and wearables land grab?

We are on the cusp of a totally connected world. The Internet of Things is no longer an emerging trend, it has arrived. If you want evidence – real evidence rather than the speculation of industry analysts – then take a look at the $1.4 billion Cisco reputedly put on the table at the start of February to acquire IoT platform provider Jasper Technologies.

Jasper, founded in 2004, came about as a result of an epiphany that CEO and founder Jahangir Mohammed had when, after seeing a warning light on his car dashboard, he needed to spend several hours finding a mechanic to diagnose a problem that a connected car could have done in seconds. Just 16 years later, in-car connectivity of some sort is expected as standard in most new cars.

IoT is not the preserve of the automotive industry. At SoftServe we’re observing a huge growth in the volume of connected devices and wearables. The challenge here is that there are a frighteningly large number of start-ups entering the marketplace who have little or no knowledge of security. The likes of Jasper, which has a strong heritage working with mobile network operators, and Tesla, whose founder Elon Musk experienced security challenges at the sharp end with PayPal, do not fall into that category. But not everyone in the game is as robust as Jasper or Tesla!

A further complication to the story is that IoT devices and software needs to integrate with existing legacy infrastructure. Security runs the risk of becoming an afterthought in the great IoT land-grab. But as we’ve seen from the dramatic rise of IoT, a lot can happen in a short amount of time. Building in backwards compatibility and future proofing products as much as possible is absolutely vital when it comes to security.

The chain of custody for IoT security is complex and includes everyone from service providers, to end-users and regulators. But at the head of the chain are the firms making the hardware or software that drives the connectivity. Whether you are making a smart meter or a wearable tracking device, or a piece of software that sits on another device, you need to build in security from the get go, and it needs to be watertight.

There are plenty of examples out there right now where security is far from watertight. There are scare stories about baby monitors being taken over by malicious hackers, there are stories about cars being hacked and disabled whilst out on the road. But these are the tip of the ice berg. When everything is connected the opportunities for data to be siphoned off will increase exponentially. If you tell your house to turn off the heating because you’re not home, you’re potentially telling the world exactly the same, even something as mundane as a printer ordering and paying for new ink because it ‘knows’ it is running low, could be hacked into ordering and paying for anything else on the Internet for someone else. The potential for inventive cybercrime in the IoT/wearable space is limited only by the imagination of the criminals.

We help our clients by establishing a process called a Secure Development Lifecycle, where we define the roadmap of how to design and build in security to a product from the very beginning, as well as how to assure that components will be secured for five or even 10 years.

According to the Global State of Information Security Survey 2015, about 70 per cent of connected IoT devices lack fundamental security safeguards. In 2016, it is expected that IoT security challenges will continue to evolve as one of the top priorities in the industry. We’re going to see even more smart gadgets - wearables, healthcare devices, sensors, and connected cars – all with their own vulnerabilities, launched over the course of the next year. We’re also going to see more stories in the press about devices being hacked. If you’re entering the IoT space don’t let those stories be about your company.

Nazar Tymoshyk, Security Consultant Lead, Research & Development at SoftServe

Image Credit: Shutterstock / everything possible