IoT manufacturers’ efforts to build secure devices are ‘shocking’ — OTA

11 Aug 2015

Despite claims by those working within the internet of things (IoT) sphere that smart home devices are secure, the Online Trust Alliance (OTA) has raised questions.

Issues with regard to IoT security are well known now among manufacturers and security researchers alike, as the need to prevent a network breach by a malicious party is more important than ever when a home is connected to a number of smart devices.

Now, however, the OTA’s IoT Working Group which was only founded in January of this year, says that sustainability and a set of guidelines for manufacturers to follow is the only way to ensure that they don’t allow their devices to become vulnerable.

The guidelines set out by the OTA include that the manufacturer must inform a potential customer as to the how their data is collected and what levels of encryption are in place.

According to ZDNet, the organisation – which cites companies like Microsoft and Symantec as members – says that sustainability, in particular, is key, meaning that when someone purchases an IoT device the manufacturer should be able to ensure that it will be secure indefinitely, not just until the warranty runs out.

‘Shocking’ how little they’re prepared

If left unmonitored, back doors to entire systems could be left open for anyone to discover and exploit to remotely control these devices, according to the OTA.

This could lead to the possibility of hackers creating mayhem by sabotaging connected appliances, which could allow them to disable house alarms, open garage doors or infiltrate fitness wearables to spy on health vitals.

Speaking of the current level of security protection offered by manufacturers, Craig Spiezle, executive director and president of the OTA, said it’s shocking how little planning there has been for these devices becoming part of everyday life.

Offering examples, Spiezle said: “What if someone sells a house with a smart thermostat or garage door? How do you ensure the old owner doesn’t access the devices once the new owner moves in? Or what if a hacker finds a vulnerability to activate your smart TV’s camera or microphone?”

He continued: “We also need to look at the collective impact when hundreds of thousands of these devices are compromised at once, impacting critical infrastructure and the smart grid, and diverting first responders.”

Updated 4.15pm, 11 August 2015: This article was updated to reflect a change in a quote from the OTA

Updated 9.14am, 12 August 2015: This article was updated to show that the OTA IoT Working Group was founded in January, not the OTA.

Motherboards image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic