The Internet of Things, or IoT, has been both a blessing and a bain since it came into existence. Does convenience trump security concerns? That's the question each user has to ask his or herself. It's that security part that tends to make the news.
The latest to suffer a setback is Samsung SmartThings, with a new report claiming the platform has a security problem. The vulnerabilities reported are only hypothetical so far however.
This report comes from the University of Michigan and Microsoft Research. Samsung says that "Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report. It is important to note that none of the vulnerabilities described have affected any of our customers thanks to the SmartApp approval processes that we have in place".
Samsung claims it is taking the report seriously and using it to improve the security of its product line. We'll see if that happens, but it is, at least, a step in the right direction.
The company concludes "Even though current customers have not been impacted, we take the recommendations of Mr. Fernandes, Dr. Jung, and Dr. Prakash seriously and are grateful for all opportunities to continue to improve the security of our platform".
Cesare Garlati, chief security strategist for the prpl Foundation commented: “The home is something that is precious – you wouldn’t just allow anyone through your front door, so why do people do it with their connected devices so willingly? When it comes to IoT in the home, people must realise that security of these devices just doesn’t exist yet. A case such as this brings forward a number of questions, particularly: Do these systems really need a mobile app? Does the app really need to connect to central server in the cloud? And most importantly, is it sound to have a smartphone (especially running on Android) control anything that is critical to you?
“These are all key questions to address when we look at IoT, especially in the home as a vast majority will not use apps that are developed by the OEM, but rather assembled using a host of third parties – of which they have no control or visibility over.
In order to combat this, OEMs should implement open and interoperable standards in their devices and Home IoT Architecture should rely only on a local hub, which should be secured. If researchers can break these devices, it’s a safe bet that criminals may have already found a way in, too.”