1. How did we get here?
Another day, another series of disappointing security revelation. Russian hackers stole 1.2 billion passwords (http://blogs.wsj.com/digits/2014/08/05/security-firm-russian-hackers-amassed-1-2-billion-web-credentials/), and Airplanes Can Be Hacked via In-Flight Wi-Fi Systems (https://www.yahoo.com/tech/researcher-says-airplanes-can-be-hacked-via-in-flight-93967652124.html) If you’re like me, you can’t help but gloss over news stories like this. Which is more shocking: the apparent ease with which nefarious groups accomplish feats of this kind, or the lack of a response from the tech community? Either way, the takeaway is very grim – the bad guys are winning, despite all the press that IoT Security gets everyday.
Where did we go wrong? Chalk it up to not having a crystal ball, the developers who created the underlying technologies that make up our modern internet and computing systems did not foresee the potential for evildoing on such a scale. Security was an afterthought in the early days, and most developers likely thought either that they didn’t need it for their small piece of the puzzle, or that they could add it in later.
What we’ve learned is that the web is now composed of many interlocking parts that are inherently insecure, and they are firmly stove piped into the infrastructure. If we could go back in time and do it all over again, we would be smarter: the default should have been security on, for the day you eventually will need it – not security off, because you don’t need it yet. Well, we can go back in a way: The IoT is still at its infancy. With this new internet, we can do it right.
2. How do we get better?
Some examples of security done right do exist: Bluetooth Low Energy, Wi-Fi WPA2, Cell phone sim cards.
What do these all have in common? Security concerns where considered from the start, and designed into the system architecture. In short, you can’t retrofit security.
So for a company that specializes in making some specific IOT application solution that wants to add wireless connectivity – the wrong approach: to grab an RF-enabled IC and spin it into the next rev of their product designs. They likely won’t have the security expertise and will make mistakes.
The right approach: bring in an integrated high level solution, like Link Labs IOT Networking solutions. We’ve done the ground work the right way from the start, utilizing our many years of experience in security work for the intelligence community. Using our wireless modules and gateways gives the peace of mind of having next generation wireless security – from the chipset on the end node all the way to the back end database – without expensive security consultants, without CPU-hungry encryption algorithms, and without any headaches five years later.