IoT Security in a Fragmented Marketplace

By: Rob Karpinski
Project Engineer, Embedded Systems

22nd March 2018

Since the rise of IoT, companies and manufacturers both large and small have rushed to try and capitalise on this growing technology and, arguably, there are now a lot of competing communication and connection methods for IoT products out there.

A lot of these are from the Eastern marketplace and are commonly produced by China to offer consumers a “cheap” alternative to Western products, provided by companies like Apple, Philips or Hewlett Packard.

This raises a couple of security concerns as consumers now face a commercial marketplace with a lot of similar looking products that all vaguely do the same thing but connect to the internet in different ways. A driving force in the popularity of Chinese products is their price, after all, why would you pay £179 for a Nest Cam Outdoor when you can get a cheaper Xiongmai camera module for a fraction of the price?

The Mirai Botnet

One example of unsecured IoT devices being exploited was the Mirai botnet scandal in 2016. To gain a competitive advantage in the computer game, Minecraft three college students unwittingly unleashed a botnet that spread across poorly secured IoT devices and wireless routers, slowing down or stopping completely internet access for nearly the entire eastern United States. The malware infiltrated a dozen different IoT devices (including CCTV cameras and digital video recorders) by scanning the internet for connected technology that still used the manufacturers’ default security setting. Researchers later determined that it infected between 200,000 and 300,000 devices overall (including Xiongmai products, initiating a product recall) – the largest distributed denial of service attack (DDoS) ever launched.

The “S” in IoT stands for Security

Due to the highly networked nature of Internet of Things devices and the rising privacy concerns over how device data is being used (or misused) in the profiling and targeting of people, ensuring a secure IoT device has never been more important for tech product companies that want to be perceived as trusted and innovative market leaders.

Playing an active part in this industry myself (both as an engineer and consumer of tech), I believe engineers should always stay focused on these technical, logical, and ethical challenges when evolving the use of this internet-connected technology. As a consumer, the majority of IoT devices are secure but always ensure you update your devices with the latest firmware and software updates.

Since the rise of IoT, companies and manufacturers both large and small have rushed to try and capitalise on this growing technology and, arguably, there are now a lot of competing communication and connection methods for IoT products out there.

A lot of these are from the Eastern marketplace and are commonly produced by China to offer consumers a “cheap” alternative to Western products, provided by companies like Apple, Philips or Hewlett Packard.

This raises a couple of security concerns as consumers now face a commercial marketplace with a lot of similar looking products that all vaguely do the same thing but connect to the internet in different ways. A driving force in the popularity of Chinese products is their price, after all, why would you pay £179 for a Nest Cam Outdoor when you can get a cheaper Xiongmai camera module for a fraction of the price?

The Mirai Botnet

One example of unsecured IoT devices being exploited was the Mirai botnet scandal in 2016. To gain a competitive advantage in the computer game, Minecraft three college students unwittingly unleashed a botnet that spread across poorly secured IoT devices and wireless routers, slowing down or stopping completely internet access for nearly the entire eastern United States. The malware infiltrated a dozen different IoT devices (including CCTV cameras and digital video recorders) by scanning the internet for connected technology that still used the manufacturers’ default security setting. Researchers later determined that it infected between 200,000 and 300,000 devices overall (including Xiongmai products, initiating a product recall) – the largest distributed denial of service attack (DDoS) ever launched.

The “S” in IoT stands for Security

Due to the highly networked nature of Internet of Things devices and the rising privacy concerns over how device data is being used (or misused) in the profiling and targeting of people, ensuring a secure IoT device has never been more important for tech product companies that want to be perceived as trusted and innovative market leaders.

Playing an active part in this industry myself (both as an engineer and consumer of tech), I believe engineers should always stay focused on these technical, logical, and ethical challenges when evolving the use of this internet-connected technology. As a consumer, the majority of IoT devices are secure but always ensure you update your devices with the latest firmware and software updates.

Save

Save

Save

Save

Save

Save

Save

Save

Save

[mvc_button anim_trans=”hvr-pop” btn_text=”SECURITY” btn_clr=”#f79646″ btn_url=”https://www.plextek.com/markets/security/” btn_next=”_blank”]

[mvc_button anim_trans=”hvr-pop” btn_text=”EMBEDDED SYSTEMS” btn_clr=”#f79646″ btn_url=”https://www.plextek.com/expertise/embedded-systems/” btn_next=”_blank”]

[mvc_button anim_trans=”hvr-pop” btn_text=”DATA EXPLOITATION” btn_clr=”#f79646″ btn_url=”https://www.plextek.com/expertise/data-exploitation/” btn_next=”_blank”]

Further Reading