Time to ignore manufacturers that are security slackers

In the near future, everything from refrigerators and coffeemakers to cars and home automation systems will be among the 10s of billions of devices on the Internet. But as the so-called Internet of Things grows, security remains a work in progress at best, and it's time for tech buyers to ignore manufacturers that refuse to step up their game.

Security slackers

Security has always lagged behind technology adoption. As the PC market grew in the 1990s, securing software and hardware was an afterthought until the Internet. Once people started connecting Windows PCs to the Web, the door was opened to hackers and Microsoft was left scrambling for years to plug the many holes in the market-dominating operating system.

The pattern in the mobile industry is similar. Hundreds of millions of people using Android smartphones and tablets today face unnecessary risks because wireless carriers and manufacturers have yet to figure out a way to push out timely updates to patch vulnerabilities.

Nevertheless, mobile security seems advanced when compared to the vast majority of other Internet-connected devices, which Cisco says will number 40 billion by 2020 from roughly 9 billion in 2012.

Printers are a perfect example of how security is being shortchanged as we move toward the Internet of Things. Every printer today comes with a built-in Web server, yet by default, the majority of them don't even require a password.

With such basic security missing, it's no surprise that vendors are slow in patching vulnerabilities through firmware upgrades. In the meantime, security researchers have already shown that it's possible to hack networked Hewlett-Packard printers and steal data.

In July, a couple of researchers used a laptop wired to electronic control units of a Ford Escape and Toyota Prius to steer the vehicles left and right, apply the brakes and move the fuel gauge to zero.

At the time, Ford and Toyota said the experiment wasn't a legitimate hack, since a wired connection was needed. But most experts agreed the demonstration showed that the day when a car could be commandeered wirelessly was coming, unless manufacturers worked faster to improve security.

Devices that have already been hacked have included TV sets, video cameras, child monitors and power meters. Through such devices, intruders could violate people's privacy, steal personal data and build large botnets of compromised devices in order to launch denial of service attacks, experts say.

The solution

As the number of threats increase with the rise in Internet-connected devices, there are security tools available to defend against attacks. They include data encryption, strong user authentication, coding with security as a top priority and better testing of application programming interfaces.

To a large extent, securing the Internet of Things isn't much different than locking down computers and mobile devices. Among the bigger hurdles of the IoT is rolling out firmware updates.

The best place to start in securing future Internet-enabled devices is with the buyer. If consumers and businesses place security near the top of their features list, then manufacturers will respond. Without customer pressure, there will be little change in the status quo.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.