Within the past decade, the number of Internet of Things (IoT) devices introduced in the market has increased drastically. With totals approaching 15 billion, the staggering conclusion that there are roughly two connected devices per living human is reached. This trend is expected to continue, with an estimate of 26 billion connected devices by the year 2012, the majority of which being IoT and wearable devices. Much like the embedded systems they derive from, IoT and wearable devices are armed with an array of sensors whilst also offering the means to establish a network connection, enabling the transmission of the collected to a remote node. The collected information can range from a simple heartbeat, to temperature and humidity data, to the location of the user himself and his living habits. As such, privacy issues arise. Also, because of the information these devices can gather and store, they become prime target for attackers looking to obtain this data. Further, given the always on network connectivity some of these devices hold and the different usage pattern, these devices could be targeted by malware, increasing the potential for harmful usage.
While IoT manufacturers are aware of the privacy and security implications, security in IoT devices is either neglected or treated as an afterthought. This is often due to the short time to market and reduction of costs driving the device's design and development process. The few devices that do choose to add any protection usually employ software level solutions, such as firmware signing and the execution of signed binaries, methods which resemble those used in regular computing. These solutions, however, do not consider the different usage patterns of IoT and wearable devices compared to traditional embedded systems or personal computers, proving to be insufficient at times. Furthermore, concentrating on the software-based protection schemes often leaves the hardware unintendedly vulnerable, allowing for new attack vectors.
If you would like to see how your company's security implementations fare, please take our survey. Afterwards, your will be able to see your results.
Click here to take the survey