It's Time to Unplug the Insecure IoT

Hackers have proven what security experts have been warning us about for years—that they can soldier insecure Internet of Things devices to do their bidding. It's past time for all players in the IoT ecosystem, from manufacturers to consumers, to address vulnerabilities.
By Mary Catherine O'Connor

This weekend, I attended a retrospective exhibition about the internet—ironic, given the fact that the DDoS attack is all over the news. Through exhibits and artwork, the event looked back to the early days of home modems and networking equipment, and to some of the early do-it-yourself website platforms for consumers, such as the now-defunct GeoCities. The experience elicited many memories for me, such as building my own computer, around 1995, using store-bought components and with the much-needed help of a friend who was studying computer science. Even though we all relied on painfully slow internet connections back in the pre-broadband days, there was so much magic and potential in the internet.

These days, my reliance on the internet is truly profound. I literally rely on it for my livelihood. And, of course, it powers much of my day-to-day communications.

Yet, for all the time I spend reporting on the Internet of Things, I really don't dabble in it. Aside from a smartphone and laptop, I have no IoT devices. I manually control my thermostat. I do not receive a text message when my washing machine completes a cycle. I need to walk through my front door before I can turn my lights on.

My home remains disconnected from the IoT for a long list of reasons, including concerns about digital security. But I still want manufacturers of IoT devices to improve the security of the products they sell, and I want retailers, brands and service providers to talk about digital security more, so that consumers who do use IoT devices can feel compelled and empowered to adopt practices that will result in safer networks.

Setting, and periodically changing, your own passwords is not the only tool consumers wield in the fight for a safer IoT. We can also demand that the brands and retailers from which we purchase internet-connected devices provide us with products compliant with the latest industry-vetted security standards. Someday, the U.S. Congress and government agencies may require that manufacturers of connected devices meet higher data-security standards. In the meantime, the most effective motivator will be exposing security vulnerabilities. If there is a silver lining to the type of hack that the web experienced on Friday, it is that exposure.

Reuters is reporting that XiongMai Technologies is recalling some of the internet-connected video cameras and DVRs that were leveraged in Friday's DDoS and are presumably still hackable even with updated passwords. To me, that is good news, because if the IoT is safer, the internet is safer, and my livelihood is safer—and yours probably is, too.

Mary Catherine O'Connor is the editor of IoT Journal and a former staff reporter for RFID Journal. She also writes about technology, as it relates to business and the environment, for a range of consumer magazines and newspapers.

Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations