Experts interviewed by the Cyber Security Research Institute for the new report Internet of Things: Pinning down the IoT (sponsored by F-Secure), say that in its current form the Internet of Things (IoT) represents a considerable threat to consumers due to inadequate regulations regarding security and privacy. Swift action is recommended to avoid a predictable descent into a dystopian future.
With the number of connected devices now likely exceeding the human population of Earth, the IoT is already nearly inescapable. Millions of connected devices have already been compromised to be used a part of the Mirai botnet. Many consumers aren’t aware of inherent risks of their connected devices and that manufacturers often rush products to market without considering basic security requirements and settings.
“This situation could create an even more frightening scenario than the UK tabloid newspapers' ‘phone hacking’ scandal, due to a massive adoption of insecure IoT devices,” the report states.
Even as millions of new connected devices come online every day, consumers are still generally aware that their new 'smart' appliances will go online. But the lust for consumer data could change that in the future.
“Eventually almost every household device will be online, and they will largely be invisible to the end user as a smart device,” Mikko Hypponen, Chief Research Officer of F-Secure, said in the report. “They will look like dumb devices, but they will be smart devices though they won’t offer any features to the consumer because the real reason for them to be online will be for them to report home and report analytics to the company that built the device.”
Already it’s difficult to find any model of some devices, such as televisions, that do not connect to the internet.
The laws of supply and demand have not yet yielded an IoT that’s built for the future. If consumers aren’t demanding security, manufacturers will never prioritise it. But given the extraordinary dependency society is likely to develop on billions of IoT devices, governments may have to step in to demand security requirements.
In the report, Michael Barton, the Chief Constable of Durham Constabulary said: “There needs to be regulation but I'm fighting shy of heavy regulation here. You can't sell toys with pins in them so that children are blinded. You can't sell cars where the brakes work intermittently. Nor should you be able to sell something on the IoT that allows people's bank accounts to be emptied.”
In addition to educating consumers about the risks of existing IoT devices as the US appears ready to do, governments also need to address the quality of technology being put in consumers’ hands and homes, the report finds. Product manufacturers should be regulated to ensure that products that come to market are not lacking in security or privacy measures.