Securing Internet-of-Things Is Not Rocket Science

In our current year 2018, we have witnessed the smartphone and tablet markets both plateauing. It is fairly difficult for a typical mobile device manufacturer to continue increasing their sales (well except for Apple and the new Chinese Player Huawei). All vendors of phones except Apple are in decline in the western markets, as the growth potential is zero. In the west, all people that want a mobile phone or a tablet typically already have one or if none can buy one cheap.

The global market is following suit, as year-on-year the smartphone and tablet market are shrinking, there is limit on how much the hardware and even software can be improved for a device that fits our packets and our purse bags. These devices have reached the maturity similar to the PC and laptop, where the next high-end model for 2019 will never be as better than the device of the previous generation to warrant even higher prices than its predecessor.

But that does not mean that the sector of gadgets will remain stagnant, as phones and tablets mature, new market opens for the curious amongst us: IoT devices. Iot stands for Internet-of-Things device, in plain English, IoT are common appliances with Internet connectivity and smart (uses apps) capability to extend its functionality beyond what was available fresh from the factory.

IoT devices became common as manufacturers of household appliance added computing and internet connection capabilities. The transition of manufacturing ‘dumb’ appliances to IoT appliances becomes seamless, because vendors will always want to market something “with more features.” This enables those that already have light bulbs, TV, thermostat and other ‘dumb’ appliances at home to again repurchase those same appliances, but this time with Internet connectivity and app ecosystem.

The big problem that those same vendors never explained to the Joe and Jill, the common consumer of appliances making those devices connected to the Internet literally made them specialized computers. Computers, whether general-type like the laptop or specialized computer like those that runs car assembly lines have an operating system, application software, firmware and other components to make it work with the packet switching protocol of the Internet.

This requires constant patches, which updates the operating system, application software and firmware of the IoT device in order to close active vulnerabilities and weaknesses. That is something a typical Chinese-made IoT device cannot offer, as the cost of maintaining the software, firmware and the underlying operating system is way beyond the cost of each IoT light bulbs for example.

This apparent proliferation and commoditization of Internet-of-Things devices are big advantages for the cybercriminals. Just imagine the number of computing devices, vulnerable computing devices just waiting to be infected, becoming part of their evergrowing botnet. It will take awhile for all those IoT devices to standardize to a few known operating system, there are two strong contenders to set a common OS for all of those types of devices. These are the Azure Sphere from Microsoft and Android Things by Google. Until such time that those discrete devices adapts either of the two OS mentioned, the best case for securing IoT is installing them behind a router. While behind the router, IoT devices are taking advantage of the security provided by Network Address Translation, much better compared to directly being connected to the Internet.