“IoT doorbell gave up Wi-Fi passwords to anybody with a screwdriver” read the headline from the January 27, 2016 posting on Naked Security by Sophos. Many people will look at that and question the reliability of the article, wondering how it’s possible that something as simple as a doorbell could lead to such an invasion of privacy. There’s an assumption of safety that comes with technological devices that creates a sense of false security for most consumers.
Many electronic devices store important data, such as passwords, without encrypting the data, subsequently enabling hackers the opportunity to gain access to valuable information. Frequently people make it even easier for hackers by using passwords that are too simple or that have not been changed from the default setting.
The IoT doorbell that can be “hacked with a screwdriver” is just one example of why Icon Labs is promoting the Internet of Secure Things initiative. By putting better security into the components inside the device, access to the home network could have been prevented.
Security that is deployed within the device should require a new password upon installation, validation of password strength, and store important information in a secure storage area and/or encrypt that information. Icon Labs’ Floodgate Security Framework ensures that all of these reasonable measures are enacted by developers, thus securing the device and protecting valuable data.
This follows on the heels of the Consumer Electronics Show (CES) where the volume and quality of new devices was impressive. However, Alan Grau, President of Icon Labs, also described it as the largest collection of insecure devices in the world. Speed to market is driving the lack of security. Lack of security may drive speed to failure.
The technology is there, the security is there, now it’s critical that developers pair the two to create the Internet of Secure Things.
Ernie Rudolph is the Executive Vice-President of Icon Labs, a leading provider of security solutions for IoT devices. You can reach him at firstname.lastname@example.org