As with many nascent technologies, manufacturers don’t necessarily consider the full security risks when they rush to build and release their products.
That’s no exception for the internet of things, and although some will be more secure than others, it’s best not to trust the manufacturers to have baked in security from the beginning.
“IoT devices are hard to protect and most were not made with any consideration to security,” says Peter Nguyen, Director of Technical Services at LightCyber. “They are built for easy connectivity to share information or receive instructions. Many lack robust access control or the ability to use secure, changeable passwords – it’s unlikely that effective endpoint protection software can run on such devices.”
Rob Miller, head of operational technology at MWR InfoSecurity, believes that Manufacturers need to wake up to the fact it will also benefit them to design products with the latest attacks in mind, plus remote updating by default.
“There are no golden badges to look for when assessing a product’s security features, so instead many consumers and businesses choose to buy from manufacturers that can demonstrate their interest in security,” Miller says. “This might be in a warranty that includes security updates, or activity in the security community such as having a bug bounty programme.”