Can Google make the Internet of Things more secure?

Google and other tech giants have come together to create a list of recommendations for IoT manufacturers to make the items more secure.

Marcio Jose Sanchez/AP/File
Google is headquartered in Mountain View, Calif.

If you are a modern consumer with a penchant for modern technology, it is likely that your thermometer is connected to it. So is your stereo, and maybe even your car. But is the Internet of Things secure?

A new report by the Broadband Internet Technical Advisory Group (BITAG) released on Wednesday addresses security and the Internet of Things (IoT). The group of industry leaders and academics offered recommendations to policy makers, device manufacturers, and consumers to help protect security in the future.

"It's definitely an ISP (internet service provider) problem as well as a consumer and a device manufacturer problem," said Princeton University computer science professor Nick Feamster, according to Phys.org. 

“When we talk about insecure IoT devices, we can talk about securing the devices, but we can also take a complementary view and say, 'Let's assume the devices may be difficult to secure and it may be difficult to follow these recommendations – maybe there's a role for in-home networking technology to basically firewall or segment to protect these devices from each other or from the rest of the internet.'"

Internet connected devices are ever more an integral part of daily life in the modern world, but in the bustle of daily life, many users forget or neglect to update the software on those devices. That simple omission can leave devices vulnerable to hacking – a significant threat in an age when our devices know quite a lot about us.

For that reason, BITAG directed this week’s report primarily at policy makers and device designers – human nature, report authors said, is to trust devices and let little things such as poor passwords or software updates slip by. For that reason, it is up to policymakers and device manufacturers to design out human carelessness and protect security.

“It is safe to assume that most end users will never take action on their own to update software,” wrote BITAG in the report.

BITAG authors therefore recommended that device makers build in automatic, over-the-air updating tools that take the responsibility for necessary updates out of the hands of users.

Internet-connected devices are not only privy to a great deal of personal information, but they are also easily hacked by individuals who want to bring the internet to a standstill. Just this fall, hackers used home devices to slow internet traffic along the East Coast.

The interconnectivity of IoT devices is also a sticking point for security experts, who say that better segmentation in household networks could help isolate security threats when one or more individual devices are weaker than others.

Other recommendations include best practices for data encryption and communication authentication.

Some of the report’s authors are concerned that because many of the report’s findings seem so common-sense, it will be hard for people to take them seriously. But experts say that it is important to heed this advice, even if it is costly.

"Some of these recommendations sound obvious but it's not so obvious that they should go one way or another," Dr. Feamster said. "Take secure over-the-network software updates – and the ability to update credentials on a device – those sound like basically good ideas. But there's obviously a cost to doing that: what do you do about that when the cost of the device is 99 cents, so the cost of updating it may exceed the cost of deploying it?"

Report writers say that they hope that connected device manufacturers will heed their recommendations, as well as policy makers.

"I also think it could serve as a little bit of a call to action to the IoT device manufacturers to try to figure out how they can band together and try to develop some kind of certification programs for security."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Can Google make the Internet of Things more secure?
Read this article in
https://www.csmonitor.com/Technology/2016/1123/Can-Google-make-the-Internet-of-Things-more-secure
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe