The rise of “smart” devices equipped with arrays of sensors and network connections is rapidly making the “Internet of Things” one of the most widely hyped ideas of the year ahead. But even as tech enthusiasts excitedly tout the benefits of everything from Internet-connected refrigerators to Android-equipped rice cookers, others have expressed concern about the security risks these devices create. To address these fears, developers may have to improve planning for protecting against attacks and strengthen coding processes to incorporate more safeguards.
In a recent column for Wired, Forrester Research analyst Andrew Rose outlined some of the value and risks machine-to-machine (M2M) communication creates. Already, “dumb” objects equipped with features such as QR codes have revealed some potential for danger as malicious actors access new forms of data, but the risk is likely to become more pronounced as sensor networks evolve to govern fully automated devices.
“Most security and risk professionals are so preoccupied with putting last week’s vulnerability-malware-hacktivist genie back into the bottle, that they’re too distracted to notice their R&D colleagues have conjured up even more unpredictable spirits,” Rose wrote. “Spirits in the form of automated systems that can reach beyond the digital plane to influence and adjust the physical world … all without human interfacing.”
While some devices, such as connected refrigerators, may not constitute a substantial threat, automation could present greater risks in other contexts, Rose noted. For instance, a drug dispenser set up to issue medication based on sensors detecting body conditions could easily be turned to malicious ends if not properly protected. Furthermore, it can be hard to anticipate how attackers might choose to take advantage of connected devices, according to Forbes contributor Raj Sabhlok.
“Should you really be worried that hackers will use your toaster to somehow drain your bank account?” he asked. “Right now, the ability for hackers to gain access to your network or personal data via an internet-enabled device is theoretical. But history has shown that malicious programmers will figure out clever ways to exert control over devices remotely in ways no one planned against.”
Sabhlok advised consumers to take the time to understand the security precautions built into smart devices before making purchases. As such considerations become part of the buying process, manufacturers will want to reassure the public they are taking steps to make gadgets secure. By using a secure development process that includes source code analysis tools, vendors can factor software security into connected devices and quiet emerging fears about the Internet of Things.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.