Without security, the vision of Internet of Things cannot come true.
I was told in a meeting recently that security is a defensive investment – just like insurance. You don’t make money out of security. This is probably why as developers, we get there last when we build something.
The problem is, when everything gets connected as in IOT, and the devices are far from the eye and numerous – we can no longer ignore security and have to give it top priority.
The latest security flaw making waves last month was Shellshock, affecting Unix based systems (=Linux=almost everything) running bash shell command. You can find more information on Tom’s Guide about Shellshock.
Geek & Poke puts it nicely as well:
Simple. Concise. Gets the point through.
What are going to be the foundation of a good secure architecture? I don’t know.
What I do know, is that the basics of it all must be the ability to upgrade the device’s firmware remotely and automatically at all times. Just like most modern browsers do today.
We should not and cannot rely on users to do it these days. My wife never upgrades her apps on the phone. I do it for her once every weeks or so, just to keep her up to date. I used to care in the past, but Chrome taught me to expect the latest version to be there at all times.
For IOT to work, we need chipset manufacturers and device manufacturers to get their act together and make sure their “things” are upgradable over the network automatically. We should also demand that they maintain and update their “things” from security risks years after those “things” got acquired. Otherwise, we will never be able to get to an IOT utopia. What we will be left with will not be a smart home, but rather a smart house of cards.