When it comes to measuring the security of Internet of Things devices, a checklist for ‘low-hanging fruit’ security features like strong passwords and hardened firmware is a good place to start. But (much) more is needed, says Mike Sheward of Particle.io.
IoT is such a remarkably broad term, encompassing everything from the connected smart speakers that you’ll find in the typical home, to the industrial systems that control furnaces and pumps that you won’t – unless someone has a particularly unusual living arrangement. This broad definition is one of the reasons IoT is such a fascinating industry to work in, and also why it can be a challenge to define a uniform security standard for devices to conform with.
Listening to private conversations in a residence and disrupting the water supply to an entire town are two very valid security concerns, but they have different blast radii in terms of impact. So when we talk about IoT security, it’s important to remember this context and build security standards that are flexible enough to span the entire spectrum of devices out there.
There are some things, of course, that are foundational and go a long way toward ensuring a general security baseline. Hidden backdoor accounts and default, unchangeable, weak passwords have long been the downfall of many a device. Similarly, bloated firmware with unnecessary running services and tools left on a device can be leveraged by a malicious actor to do