What Is The Internet of Things?

by Chris Riminton on 4th February 2022

The internet of things refers to a network of devices that have a way of connecting to the internet. In recent years the number of IoT devices has increased. 5 or maybe 10 years ago most homes would have had far fewer devices connected to their home network. They may have had a couple of smartphones, some computers and possibly even a smart TV. With the rise of smart home devices and home security products, the number of internet-connected devices has risen dramatically. More recently the number of devices in your home connected to the internet is endless. Most homes now feature at least a few of the following devices:

  • speaker (Alex/Google Speaker)
  • Lightbulbs
  • Doorbells (Ring)
  • CCTV cameras
  • Locks
  • Smoke alarms
  • Thermostats
  • Plug sockets

What’s the issue with so many IoT devices?

IoT devices are often bundled with security flaws or very little security implementation. IoT devices often utilise default manufacturer passwords including ‘admin’ ‘password’ and ‘root’. This combination of security vulnerabilities and default passwords matched with a device that is 24/7 connected to the internet can be a danger not only to the owner of the IoT device but to all of us.

Vulnerable devices are now being used to perform DDoS attacks on businesses and systems. A DDoS attack works by flooding a network or system with more traffic than it can handle. Compromised IoT devices can be instructed to send network traffic to a server. One IoT device sending traffic is not going to have a devastating impact however if you have hundreds possibly thousands of devices all targeting a system it can cause real damage.

What action is being taken?

In December 2021, the U.K. government introduced the Product Security and Telecommunications Infrastructure bill (PST) in Parliament. This bill is designed to tackle the security vulnerabilities and make manufacturers more responsible for the devices that they make. One of the measures included in the bill is for the ban of manufacturers using any default generic login details. Many end-users do not change any of the login details on their IoT devices so can often be left for most of its life with a serious security risk.

Another measure the bill will introduce is the manufacturer’s requirement to keep end users up to date with security updates and how long their device will receive security updates.

What does this bill mean for me?

This bill marks a big change in making IoT devices more secure and ensuring these devices that most homes now have are not part of hacking or malicious activity on the internet. It is a bill that actually bans the use of easy to guess default passwords, not just recommends they be changed. It means the end-user with the device is more secure and is not unwillingly part of a DDoS attack and also systems and servers will be less likely to be attacked by IoT devices.

While the changes are a positive step it has also been highlighted how the bill does not go far enough and how consumers could still be caught out. As mentioned the bill will require a manufacturer to detail how long it will support a device and provide security updates. The concern is that once devices reach these end of life dates that manufacturers will discount these devices, enticing consumers to purchase devices that may have security vulnerabilities.

Related Posts