Intel recently launched its 2017 security report, predicting all sorts of doom and gloom for the future of smart homes, drones and the Internet of Things. Between botnets, malware and international cyber-attacks, the new report paints a fairly grim picture.
So, is this fair? Or are we closer to a solution to the issue of IoT security than we’ve been led to believe?
While 2016 has been a bad year for the IoT’s reputation we have seen, over the last few months, some of the biggest IoT attacks on record. In late September, security expert Brian Krebs’ website, KrebsOnSecurity.com, was hit by a BotNet made up of over 145,000 IoT devices. The following month, a second IoT BotNet was used to launch an attack on US internet infrastructure, successfully bringing down sites such as Twitter, Paypal and Spotify.
Clearly, the current incarnation of the Internet of Things is suffering from a serious problem with its security. But is this a good enough reason to give into fear mongering or visions of smart toasters rising up and attacking their owners? While security concerns do exist, their solution is a lot closer than you might think.
One of the big issues to-date has been the fact that the IoT has relied on so many different (often wholly unique or proprietary) OSs. Each of these OSs must be supported in a fundamentally different way.
What’s more, the industry has lacked a standardised and centralised method of delivering updates to these devices, or a co-ordinated method of providing such updates in the event of company-failures. As IoT start-ups have folded and their entrepreneurs have moved on to other things millions of connected devices have been left without vital security updates and support; a perfect opportunity for hackers and BotNets.
However, as the Internet of Things expands a far greater emphasis is now being placed on standardisation and long-term support. Instead of relying on customers to update their own devices, or even on business to proactively push updates out themselves, our aim at Canonical has been to create a system that doesn’t require either party to get involved. Instead, by relying on a centralised operating system we’ve been able to create a new infrastructure for the IoT, through which applications and secure updates can be centrally managed, digitally signed, and then rolled out automatically.
That centralised operating system, the Ubuntu Core, is able to ensure that connected devices can only ever receive approved software installations – significantly reducing the risk of malicious software, unforeseen security holes, or the risk of botnets bundled with updates.
This is not something that is set to be rolled out in the next 10 years, however, but is instead a solution that can be implemented now.
So, rather than 2017 being ‘the year of the IoT cyberattack’, it could very easily be ‘the year that the IoT cyberattack is rendered irrelevant’. Rather than fearmongering or obsessing over the potential holes in IoT security, electronics providers should instead be investing their time in positive solutions.
Whether greater integration, centralised updates or standardisation of infrastructure, the solution to IoT security is only round the corner.
Thibaut Rouffineau is Head of Devices Marketing, Canonical/Ubuntu
