Essential Guide

Browse Sections
This content is part of the Essential Guide: A comprehensive guide to enterprise IoT project success
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

IoT security concerns remain as the technology evolves

One thing everyone should know about the so-called Internet of Things, Gary McGraw recently said, is "Internet" is the collective noun for "things." So just as you can have a flock of geese, you can have an Internet of Things.

Fortunately, McGraw had other insights to offer in this interview, recorded at the 2015 RSA Conference. SearchSecurity editorial director Robert Richardson sat down with McGraw to discuss Internet of Things (IoT) security concerns and the prospects for security as IoT emerges.

"I think what's happening … is that you also have this consumer-facing stuff. And basically you have this tech that's almost free. I mean, why not stick an 8088 chip in there. It's probably more expensive to store that thing in a warehouse than it is to stick it in a dishwasher, so what the hell? So what if your dishwasher had six states -- now it has a Turing machine.

"So I think that tech stacks and the widespread availability of Wi-Fi everywhere makes this almost inevitable. The challenge of course is that, once you have a computer in your dishwasher or your refrigerator, the fun begins from an attack perspective."

As a somewhat lighthearted example, McGraw noted that "if your refrigerator can order milk, an attacker can order a lot of milk … all of the milk! It's like 'Why did all of the milk come to my neighborhood?'"

As for the question of how to manage the APIs that objects will use to talk to other objects and services, McGraw noted that "from a design perspective, what that brings up immediately is 'what are the trust boundaries?' You have to think of trust as a contextual exercise. And you can't say, 'Well, I own it, so I trust it.' That's a little vague. You're going to want to trust your dishwasher less than you trust your Nest thermostat."

Where you need more trust, McGraw argued, is where the trusted object is capable of causing more damage if that trust is violated due to a malicious attack.

View All Videos

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What do you think will be the key obstacles to security as the Internet of Things develops?
Trying to keep up with some set of standards and the constant addition of new technology and devices will be a major task. Throw into the mix more and more mobile devices and in the near future a lot of other advances like self driving cars.. I feel there is no finish line and it provides more opportunities for a breach..  
@ToddN2000 -- The standards alone will be (are being) a major task to keep up with. And then I think to myself: probably most of the standards that will make IoT work haven't even been dreamed up yet. 

As far as breaches go... the API's may very well be a good point at which to stage interventions that create better security. After all, nothing gets off these devices without the use of a bunch of API's. 

"None of them is secure!" you say. Well, yeah. There's that.