IoT (Internet of Things) Security

05 July 2017

Right off the bat I’ll tell you this is not my specialty.  But I’m in great company.  There is hardly anyone who is an Internet of Things specialist.  The devices and platforms controlling them (and I’m not even getting into drones.. yet) are popping up faster than anyone can keep up.

PCs really started in the late 70’s.  It took nearly 30 years for them to take over the world.  The iPhone is only 10 years old and is now old school.  What can be termed as IoT is maybe three and it is already sufficiently pervasive that you and nearly everyone you know has several devices.

What we do know is that there is an inherent danger in integrating IoT devices, especially in businesses, that are built and provisioned for the price that most of us would like.

We recently purchased an external camera.  Once I decided which one I wanted I looked for the best price.  Of course.  But, and this is a huge but, the cheapest version of that model was a Chinese version.  Not just made in China but actually the Chinese model.  Which means that the needed firmware upgrade, the internal software that maintains the highest security level for this device, did not work in the U.S.  I was really surprised by that.  The warranty was also not worth anything.  But the camera looked identical to the one I finally bought with only one letter designation different in the model.  Very hard to distinguish.

I ended up buying it from one of our primary distributors who back the warranty and certify that the camera is the one that I want.  It cost me maybe 10% more.  Well worth it.

Lesson learned?  Know your vendor for IoT devices.  If it connects to the Internet either take the time to be sure you know what you are getting and who is supplying it or pay someone else to do that job.  If you are a business, find someone who will back the product and set it up right ensuring that access is the minimum required and that all security updates are made and set up to run automatically.