Internet of Things (IoT) security must focus on the physical risks posed to people, according to a panel of industry and academic experts at Infosecurity Europe in London.
The panel noted that connected devices in cars, for example, could pose a real danger to humans if they are hacked.
“I think the main point of security in the IoT context is in terms of protecting us from the physical harm that results from cyber threats to our [connected] systems,” said Professor Chris Hankin, director at the Institute for Security Science and Technology at University College London.
James Lyne, global head of security research at Sophos, believes that the need for IoT security is not overhyped.
“A lot of these devices are toys or bizarre crap that I don’t know why anybody would want. And people are saying: ‘Why are you bothering to hack that? It’s junk,’” he said.
“There’s been this huge discussion in the industry about junk hacking and stunt hacking, and the reason is that these devices are changing, being added to, evolving at an insane pace.
“It only takes one of those devices two months, six months, 12 months from now to find a major place in our homes or our work where all of a sudden the crap becomes something we care about.
“So we have a whole industry that is being ignored by the virtue of unimportance, but all of a sudden may find itself extremely [open] to attacks. Wouldn’t you rather learn lessons about how to secure an industry while it’s still a toy rather than fighting a rear-guard action?”
Ian Smith, IoT security lead at the GSMA, also spoke of the need to address IoT security with physical dangers in mind.
“If you get security right you could launch products or services and be the next success story. But get security wrong and you’re potentially gone a few days later,” he said.
However, there are several challenges to be addressed, principally the need to secure devices that will be in place for a long time, such as sensor networks, and to include robust security in very small devices.
Hankin suggested that security should be applied at a systems level so that services delivered to people are protected even if individual components are not.
The topic of discussion is particularly pertinent given concerns that IoT firms are sleepwalking into cyber security dangers.
Equally, as concerns over IoT security gather pace, spending on addressing them is set to increase, indicating that the industry could be taking the threat more seriously.