There are dozens of startups working on wiring everyday products to become part of the Internet of Things (IoT) and a few weeks ago I cited an article that raising money in that arena was tied to building security into a product from the beginning.
Security used to be a function to which consumers gave little thought, but that is rapidly changing.
Anything can be hacked, but awareness was heightened recently when security experts hacked a Jeep’s entertainment system and took control of vital driving functions.
The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
And if none of this makes IoT startup founders rethink their cavalier attitude towards building tough security into their initial design, perhaps this comment from Colby Moore, a security research engineer at the cybersecurity firm Synack, will make them think twice.
“Really, the state of security on these things right now is pretty atrocious… A lot of these device manufacturers are just not security people and they really just don’t have security people on staff, especially when it comes to IoT start-ups. What they are doing is phenomenal with all of these new uses for technology. But security isn’t a concern for everybody. It’s ship now and patch later mentality.” (…) If you are worried about it then don’t put yourself at risk. It’s kind of up to us to demand a higher security standard and hold the manufacturers to it.”
Flickr image credit: centralasian