Security risks are a problem for the Internet of Things (IoT) because companies do not understand how to protect connected devices, according to Symantec’s IoT specialist.
Speaking at the Wearable Technology Show in London, Brian Witten, senior director of IoT security at Symantec, said companies of all sizes lack the know-how to secure low-powered IoT devices, which leaves them vulnerable to skilled attackers.
“What we see a lot of is a lack of awareness mainly because there are a lot of companies out there that are great at device engineering but aren’t security companies. And there are a lot of security companies that have never done engineering in these extremely constrained devices,” he said.
“A lot of people believe security can’t be built into these devices because of the limited computing power or the obscure architectures or lots of other reasons. But it can; it’s just that it’s not widely known how to do that.”
Witten said that Symantec works with IoT technology vendors to inject cryptographic keys into IoT devices, some with the physical width of a human hair.
The key to this, he said, is using alternative types of encryption technology to the likes of SSL (Secure Sockets Layer) that can be used in connected devices with tiny amounts of compute power.
“These extremely constrained devices can do very seriously powerfully effective crypto for a long time with very little battery,” he said.
Witten said such techniques could be used to secure sensors on extended IoT networks such as pipelines where it would be impractical to send out engineers to replace sensor batteries on a regular basis.
If companies fail to do this, Witten said, their IoT networks would be compromised: “Security is never done and if you’re not nimble, I guarantee the attacker will be nimble.”
However, there is a flipside: “Where awareness increases, we see people making smart decisions to rolling in more and more security,” said Witten.
IoT security is probably one of the most talked about subjects surrounding the technology trend, with some claiming companies are sleepwalking into danger by not addressing the issue.
However, companies like BT and Vodafone have joined forces to create the Internet of Things Security Foundation in order to raise awareness.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software