With the proliferation of new IoT devices, some companies are struggling to keep up.
But some security experts are calling on the industry to adopt better security measures to protect the data that’s being transmitted.
In an interview with The Hill, the security experts argue that there is a clear need for IoT companies to implement additional security measures.
“A lot of the security that companies are doing is not in the right place,” Michael Cottrell, director of security at the cybersecurity firm CloudFlare, told The Hill.
He added that while there’s been some progress on security, more needed to be done. “
You need to really have a conversation about who is being protected and how.”
He added that while there’s been some progress on security, more needed to be done.
“The industry is still very far from being ready for this,” Cottell added.
CloudFlares cybersecurity experts have been vocal about the need for security in IoT devices since 2015, when a security researcher named Michael P. O’Brien published a white paper detailing how a hacker could gain access to a Nest thermostat through a simple web request. “
We are at the beginning of a transition, but it’s taking a long time for IoT security to catch up.”
CloudFlares cybersecurity experts have been vocal about the need for security in IoT devices since 2015, when a security researcher named Michael P. O’Brien published a white paper detailing how a hacker could gain access to a Nest thermostat through a simple web request.
In the past year, several other researchers have begun to examine the impact of IoT security and have suggested ways to make IoT devices more secure.
Earlier this month, CloudFlarenes security researcher Ben D. wrote an open letter to the IoT industry urging them to make security “a top priority.”
While there is no set timeline for security changes to IoT devices and it’s difficult to predict how IoT devices will adapt to these changes, cybersecurity experts believe that more needs to be said.
“What we need to do now is have conversations about how we’re going to move forward, not just what we’ve done,” said Cottrill.
“It’s going to be very hard to get that discussion going if the industry doesn’t understand the value of security in all their IoT products.”
The Hill asked Cottill how the industry could prepare for the security challenges that IoT devices are facing.
“I think the first thing to do is to get an understanding of how these devices are being used and what’s being sent to the Internet,” he said.
Cottilli pointed to a recent example.
In November, Cloudflares security researcher Michael P O’Connor published a paper detailing the use of a maliciously crafted Web request to steal data from the Nest thermoregulator.
The researchers discovered that the request was sent to a device that had a custom-built app that had no way to authenticate as a real device.
“This was really the only way they could get access to data,” Cotill said.
CloudFlaires research showed that the Nest app could have been spoofed or tampered with in any number of ways.
However, O’Conner’s paper found that the security researchers had discovered and exploited a vulnerability in the Nest iOS application that allowed them to remotely wipe the Nest’s data without requiring any user interaction.
“That is an important and very dangerous thing to see in the IoT, and it could potentially be a security vulnerability that could be exploited to do bad things to your Nest,” Cootill said, noting that there are many IoT devices that do not have a proper, trusted security protocol.
“If a smart device is running a web service, it has to authenticating to the web service,” COTILL added.
Cloudflare has already deployed its own security team to investigate these reports, and Cottilios security team has already patched some Nest devices with the help of a vulnerability that was discovered in the iOS app.
Cloudfares security team also identified another possible issue with the Nest web app that could allow an attacker to take control of the device.
But the company has yet to address the issue directly.
“What we’re seeing is a lot of people taking this very seriously,” Cotheill said of the cybersecurity threat posed by IoT devices.
“They’re very concerned.
They’re trying to make sure that they do everything they can to secure their devices, and that’s very important.”