Cameras, door locks and other smart devices have to be protected by more robust security to avoid an Internet of Things (IoT) that could cause more harm than good, said Chester Wisniewski, principal research scientist at cyber security firm Sophos.
He called for manufacturers to build in a way for users to patch up vulnerabilities and to assure users they would enjoy security updates for, say, three years after purchase.
Last month, some 145,000 cameras were hacked, along with routers and other connected devices to launch an unprecedented attack on a cyber security website and its Web host.
The distributed denial of service (DDoS) peaked at 1.1Tbps, or 60 per cent more intensive than the worst previous attack.
Wisniewski said it was not difficult for hackers to find vulnerable devices with a quick Internet lookup, so they could launch an attack by taking over these devices to flood a server at once and bring it down.
The problem, he explained, was made worse because many such devices were not updated over the years, unlike most PCs today.
“Even if a manufacturer does find a problem and issues a patch, how many users, say, in a convenience store, are going to plug in a USB drive to patch up each camera in their premise?”
With more devices connected in the years ahead, one way is for manufacturers to consciously build in an easy way for mass updates, like how PCs are updated today.
Or they could voluntarily go through a certification process, which will show that they have included security features that make the devices tougher to break into.
They could also get a high certification level if they agree to keep devices updated regularly, say, for three years after purchase, said Wisniewski on the sidelines of the Cloud Expo Asia show in Singapore.
Already, the Google Pixel phone, launched last week, comes with a promise of three years’ security updates, he pointed out.
Perhaps the toughest part about securing IoT devices is creating a standard across manufacturers from disparate industries, from car makers to consumer electronics manufacturers.
One challenge to this is cost, said Wisniewski. As manufacturers seek to roll out smart devices quickly, many are rushing them out without wanting to add an additional layer of security, he noted.
However, some manufacturers are warming up to the idea of putting security topmost in the design of devices, he said.
Increased awareness of the dangers of an unprotected IoT ecosystem will push the industry to up their game to protect new devices joining the network, he added.
Catch the action at the Sophos booth at the Cloud Expo Asia 2016 show in Singapore.