The Internet of Things (IoT) is certainly a topic of much discussion, though for many it remains a consumer-oriented fad that has yet to make a real impact on the enterprise.
Unless, of course, you’re an enterprise that is taking advantage of things as part of your business strategy.
Sometimes we forget that beyond the consumer gadgets that make the headlines, there’s an entire world out there of sensors, appliances, control systems, and even toys that are already a part of the Internet of Things.
And that means there are already issues with security.
One recent issue involves an Internet connected teddy bear from Fisher Price. The security issue? A web application with which the teddy bear communicated apparently contained a vulnerability that left children’s identities exposed. This coming on the heels of the discovery of multiple flaws enabling the internet-connected Hello Barbie doll to be potentially turned into a surveillance device.
Don’t have kids? Try a read through Princeton’s security testing of Belkin WeMo Switch, the Nest Thermostat, an Ubi smart speaker, a Sharx Security Camera, a PixStar digital photo frame, and a SmartThings hub. According to the report, “Ubi used unencrypted communication methods that would reveal sensitive information such as if the user were home or if there were any movements within the house.” Both Sharx and PixStar transferred unencrypted data.
Now maybe we’re focusing on the “thing” side a little too much because it’s new and every new thing that connects to a network winds up with a wealth of new security risks that must be addressed and well, gosh darn it, it’s new and exciting. But the reality is that as you’re looking at incorporating “things” into your business model – whether for operational efficiency or to open up new markets – it behooves us to go back to the basics and ensure we’ve got that side of the equation covered, too.
It’s a simple thing to encrypt traffic. The Internet has more than 15 years of sometimes hard-learned lessons on the importance of proper key and certificate management. And yet millions of devices are reusing certs and sharing keys. And securing web apps? We’ve been pounding on that drum since e-commerce got its “e” and became a thing to be exploited.
The things are coming, have no doubt about that. Many are already here, and some of them seem, as Douglas Adams might say, “mostly harmless.” But it isn’t just about the things. It’s also about the applications and systems with which those things almost always communicate, whether it’s to register, activate, obtain new content, share data, or to be managed.
Even if the app providing backend functions for your thing isn’t promoted as publicly accessible, it must be, by definition, publicly accessible in order for things out there to access it via the Internet. That means you should insist on security testing for every app that will be accessed by the thing you’ve built. Whether it’s in the cloud or in the data center, it needs testing and protecting.
The Internet of Things is the Business of Applications. And that means that the security of the internet of things is just as much about securing things as it is the securing the application ecosystem that supports them.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...