Why Aren’t IoT Devices More Secure than They Currently Are

Featured Iot Devices Not Secure

The growing popularity of IoT devices does not change the fact that they are also making news for the wrong reasons.

From database leaks to the hacking of IoT cameras, to Amazon employees snooping on your Alexa conversations, it appears that many IoT device companies are struggling to build trust.

Accordingly, we discuss in this article the top challenges that are impeding the security of smart devices.

1. Lack of Regulations

As covered in an earlier article, a lack of uniform regulations is greatly impacting the security of IoT devices. Since the growth of IoT is dependent on a standardized set of norms, the challenge is really at a government level.

The governments of most countries are run by their respective bureaucracies which can be a bottleneck in decision-making. Very few government agencies have the time, energy or incentive to prioritize IoT, as there is too much information to comprehend.

Such a lack of prioritizing leaves space for the IoT industry to come with its own set of standards. For example, the Open Connectivity Foundation includes Microsoft, Samsung, LG, Electrolux and Cisco among the 300 members. It is, by far, the largest alliance of IoT companies.

However, the OCF consortium still does not have enough reach because it does not include major IoT platforms such as Amazon, Apple and Google. Now, when they come with their own set of regulations in the future, it can lead to a real Tower of Babel situation.

2. Lack of Security Protocols

Along with a lack of uniform regulation, most IoT devices do not share a common security protocol.

For example, WPA-3 is an absolutely fine security standard that disallows eavesdropping and snooping attacks. However, at the moment, only a few routers have implemented this new protocol.

List of routers on Wi-Fi alliance website which supports WPA3
List of routers on Wi-Fi alliance website which supports WPA3

Most IoT devices are currently being designed to run on legacy Wi-Fi protocols including WPA-2. While it helps the IoT companies sell more smart speakers and consumer appliances to existing Internet users, the security situation remains vulnerable.

Currently, there is no systematic industry-wide push to embrace the latest secure Wi-Fi access. As long as governments do not intervene to mandate secure infrastructure for all, you will continue to hear about security incidents frequently.

3. Access to Too Much Data

Amazon has come under fire recently for its Alexa voice assistant having access to children’s information. Currently, though, they do allow you to delete your data on a regular basis, such as daily. However, the designers of IoT products want to hang onto the data as much as they can, as they claim they are using it to teach valuable AI skills to their voice assistants.

Smart Home Devices For Alexa Echo Dot

There is no legal clarity at the moment on who owns all the valuable information and how should it be handled. The only way to manage the superfluous information is through a device-specific security firewall that can prevent access to outsiders, similar to how it is done with banking software.

Under no condition should an Amazon or other tech employee be able to access your recordings. But this is new territory that we’re wading through and creating and recreating rules as we go.

Summary

With the growth of IoT in every aspect of life, the question that arises is, why can’t IoT devices be more secure than they currently are?

The real reason is that we are just in an intermediate landing stage in the ongoing evolution of IoT which is always a good thing.

What do you think are the major factors behind IoT devices having so many security concerns? Please let us know in the comments.

2 comments

  1. Imo, there’s one major reason iot devices do not inspire trust. They’re more hype than help. Moreover, no one has any idea whatsoever about the ginormous security risks of everything you own connecting to the Internet.

  2. “Why Aren’t IoT Devices More Secure than They Currently Are”
    Because no corporation or government agency wants the stream of all that free information to be turned off. That data is highly fungible.

Comments are closed.