The Vulnerabilities of IoT: Exploring Security Challenges and Concerns in the Internet of Things/

The Internet of Things (IoT) has been a buzzword for years, but limited commercialization and sluggish development have led some industry watchers to start calling it the “Internet of NoThings.” Security is one of the most pressing concerns that is slowing down the growth of IoT. The knowledge and experience are already here to make IoT secure, but they have to be adapted to fit the unique constraints of IoT devices. Unfortunately, this is where we as system security developers stumble upon another problem, a hardware problem.

IoT Security Challenges

U.S. Federal Trade Commission chairwoman, Edith Ramirez, addressed the Consumer Electronics Show in Las Vegas, warning that embedding sensors into everyday devices, and letting them record what we do, could pose a massive security risk. Ramirez outlined three key challenges for the future of IoT: ubiquitous data collection, potential for unexpected uses of consumer data, and heightened security risks. She urged companies to enhance privacy and build secure IoT devices by adopting a security-focused approach, reducing the amount of data collected by IoT devices, and increasing transparency and providing consumers with a choice to opt-out of data collection.

Insecure IoT Hardware

Unfortunately, hardware is another major issue with IoT security. According to Ramirez, developers of IoT devices have not spent time thinking about how to secure their devices and services from cyberattacks. The small size and limited processing power of many connected devices could inhibit encryption and other robust security measures. Moreover, some connected devices are low-cost and essentially disposable. If a vulnerability is discovered on that type of device, it may be difficult to update the software or apply a patch – or even to get news of a fix to consumers.

IoT Hardware Challenges

IoT chips won’t be big money-makers since they are tiny and usually based on outdated architectures. For example, the first-generation Intel Edison platform is based on Quark processors, which essentially use the same CPU instruction set and much of the design of the ancient Pentium P54C. However, the next-generation Edison microcomputer is based on a much faster processor, based on Atom Silvermont cores, which is in many Windows and Android tablets, today.

On the face of it, we could end up with relatively modern 64-bit x86 CPU cores in IoT devices, but they won’t come cheap, they will still be substantially more complex than the smallest ARM cores, and therefore will need more battery power. Cheap and disposable wearables, which appear to be the FTC’s biggest concern, won’t be powered by such chips, at least, not anytime soon.

IoT Security Investment

One of the most common ways of tackling any problem in the tech industry is to simply throw money at it. According to research firms IDC and Gartner, IoT will grow to such an extent that it will transform the data centre industry by the end of the decade. Gartner expects the IoT market will have 26 billion installed units by 2020, creating huge opportunities for all parties, from data centres and hardware makers to developers and designers. IDC also expects the IoT industry to end up with “billions of devices and trillions of dollars” by the end of the decade. Gartner’s latest IoT market forecast published in May 2014 also includes a list of potential challenges, some of which I’ve already covered.

Security Challenges in IoT

Security is one of the top concerns, as increased automation and digitization creates new security concerns. Security issues could pose safety risks in the enterprise. Potential privacy breaches are possible. Lots of data will be generated, both for big data and personal data. The industry needs to figure out what to do with the data in a cost-effective manner. More investment in servers will be necessary, and WAN links are optimized for human interface