The vulnerability of smartphones and the Android operating system is well reported in the August 10 issue of Commswire. What about the much broader topic of the Internet of Things?

We have recently seen how a car's Internet-connected entertainment system can be hacked to get to the driver control systems; how do you feel about your refrigerator being hacked as an access point to steal your identity or access your bank accounts?

Samsung is undertaking to issue security patches once a month - this is good, but not good enough. For how long will they support each version of their operating system? At the moment, smartphone operating systems are supported for only a few years before the updates stop coming. This might be acceptable for smartphones, which seem to be replaced on average about every 18-24 months, but it is not acceptable for many of the products that are touted to be elements of the IoT. My refrigerator is over 25 years old. Yes, it is due for replacement, but I would not be happy if each of my IoT household appliances had to be replaced every few years at the risk of them becoming online security holes.

Consider the car: According to an ABS car census published in January this year, the average age of an Australian vehicle is about 10 years, with over 40% more than 10 years old, of which over half are over 15 years old. Only 30% of the current stock of vehicles on Australian roads are less than 5 years old. So unless IoT operating system support practices are substantially better than what we currently get for smartphones, about 70% of the cars on the road will have substantial online security holes, vulnerable to direct hacking of the driver controls and presenting an open door to hackers collecting personal information from our massively interconnected, cloud-based, online world.

The IoT is a marvellous concept, but unless this issue is addressed in a comprehensive manner the credibility of IoT will be critically damaged.

Comments

Administrator

Good points, Brian.

Many "things" such as car control systems won't connect directly to the network but, theoretically at least, will be autonomous, using information obtained from radiating and non-radiating devices to inform (or misinform?) them. There will be an eventual network connection point, say, a black box. But what you are saying is that the IoT magnifies the security issue potentially by orders of magnitude.

What work is being done to address this? Will early experiences of insecurity or even the fear of insecurity dampen the takeup of IoT, particularly for vulnerable applications?

Tristan Gutsche

It opens a lot of questions; there are a lot of people discussing it. I have organised with Stuart Corner to talk on IoT next month and these will be some good questions to pose to him.

Cheers,
Tristan