The Internet of Things Alliance Australia (IoTAA) recently welcomed the Five Eyes (FVEY) Statement of Intent regarding the security of the Internet of Things as a positive step towards improving IoT security for businesses and consumers.
The Five Eyes intelligence alliance, which comprises of Australia, Canada, New Zealand, the United Kingdom, and the United States acknowledged the twin realities that network connected devices, systems and services comprising IoT create both immense opportunities and benefits for our society, and that many of these devices lack basic security features that pose serious consequences for individuals, economies and nations.
The statement of intent recognises that IoT security is a global threat and cannot be addressed by any single manufacturer or government. It requires a collaborative effort by all stakeholders to ensure that security and safety is a routine design feature, not a plug in, or afterthought.
IoTAA members have long held the belief that cooperation globally with fellow industry alliances and governments is critical to effectively addressing security, and we look forward to this next exciting phase of continuing to improve IoT security for Australia, and the world.
For years now there have been a plethora of reports around IoT device security being compromised, affecting user privacy and safety.
A quick search turns up a couple of notable instances of this, that affect internet connected Teddy Bears, yes, cute, fluffy stuffed toys with an internet connection! Vendors are claiming that “everything” will soon be connected. It is like the story of the internet toaster suffering an existential crisis and asking “why am I here?”
The first compromised naughty Teddy made the news in early 2017, when the vendor left up to 800,000 records exposed, including emails and passwords, and over 2 million message recordings exposed. Attackers used this in ransom attempts and could easily have used the bears to spy on their owners.
The second Teddy, Teddy Ruxpin, was hacked in 2018 and demonstrated at the Defcon security conference. Where it’s electronic eyes were changed to display the Defcon logo and it was altered to say “Hack the planet!”
IoTAA Alliance volunteers have been working to help provide guidance to manufacturers and consumers releasing a robust IoT Reference Framework, and developing the IoT Trust Mark Certification scheme and IoT Security Awareness Guides planning is advanced.
IoT is recognised as one of the biggest growth industries. Information presented during a security workshop at the recent IoT Impact conference in Sydney, Gregory Miller of the Department of Home Affairs, highlighted the following key figures;
- It is expected that by 2025 over 64 billion IoT devices will exist globally.
- There are 127 new devices connected to the Internet per second. And,
- That Australia’s consumer IoT market grew by over 50% in 2017-18.
Gregory also noted that increased use of IoT devices will create more vulnerabilities in networks and that those with malicious intent can take advantage of vulnerable products that prioritise improved functionality and convenience at the expense of effective security practices.
IoT enabled device manufacturer’s need guidance on what minimum security must be built into their products and services and consumers need assurance that the products comply with these standards. The IoTAA looks forward to continuing to provide independent advice and guidance and welcomes the Government to collaborate, and invest in, the Alliance’s IoT Security programs.