Are M2M security solutions necessary for IoT?

Are M2M security solutions necessary for IoT?

Guest post by Eva Enanoria, LeadingQuest.

As more equipment manufacturers and developers, particularly for consumer appliances, are catching up with the evolution of the Internet of Things (IoT) and as most of these devices become M2M connected, new technologies and solutions are beginning to emerge, further speeding up the growth of IoT and facilitating a much smoother adoption process for industries and consumer sections. We are moving into a world where everything will be connected eventually. Several reports have indicated how huge the IoT will become. Today, the market is already big and it is expected to grow even more in the next couple years – up to 5 billion devices connected via a cellular network could be operational in 2020.

All the same, with every new technology comes questions, compatibility issues and security hazards. M2M communication and the IoT is not an exception. M2M connections come with security requirements that needs to be in place to ensure that connections are safe, information is safeguarded and privacy is kept, making them invulnerable to hacking, manipulation and other network threats, thus M2M security solutions are vital.

Agreeing to a report from AdaptiveMobile, there are five specific security threat points. The first point is the nature of M2M solutions, where devices can be unchecked for long periods of time. Security consultant, Chathal McDaid said:

“Many of these devices will see little human intervention for weeks or even months, so exploited vulnerabilities may go undetected for a considerable length of time, increasing their impact.”

The second threat they pointed out is the lack of patches for these solutions. This may also be brought by the lack of openness in the system. Most of these solutions do not have an open-source platform, where developers can create patches for bugs that become a potential security threat. Take for instance, healthcare applications. The role of these devices is to perform and are expected to work for expressly long-life requiring little possibility of upgrading the system.

The next point, according to AdaptiveMobile, is that mobile M2M devices are static devices, mostly embedded and are not easily gotten rid of. Replacing these devices for upgrades can be costly and impractical. Why fix something that is not broken right? However, the lack of patch mentality comes into place once again. Another point is that it can be difficult to include M2M security solutions integrated with some single-task M2M devices. Lastly, the effect of these threats could be more profound depending on the nature of the attack or threat. A security breach against a bank or an account may be an unpleasant. But imagine the kind of attack that could be done on a heart monitor.

AdaptiveMobile said that 100% prevention must be the target and not the cure, which is the traditional approach in digital computing. This means that new M2M security solutions at a network level must be created and delivered.

McDaid said:
“With 86% of consumers stating that they see potential risks in M2M technologies, the general public is clearly aware of the challenges present in this new world of communications. To protect subscriber trust in these services, and the core technology, operators must protect them from any security flaws or exploitation from third parties. If operators secure the communications, then subscribers can rest assured that their protection is taken care of.”

Context Information Security, a provider of technical security consultancy, on the other hand, believes that complementary solutions will help ensure that various machines and appliances connected to the network will not create any security risk to the consumers. Context has worked with LIFX on developing a firmware to rectify security issues with their Wi-Fi enabled, energy efficient LED light bulbs. Context also encrypted the network traffic using an encryption key derived from Wi-Fi credentials as well as secure on-boarding of new bulbs onto the network.

Complementary solutions at the same will enable manufacturers to make an assessment on their products security levels before these products are made available to the market. This should help save operational cost and in effect increase customer satisfaction.

“In some cases, these vulnerabilities can be overcome relatively quickly and easily… In other cases the vulnerabilities are fundamental to the design of the products. What is important is that these measures are built into all IoT devices from the start and if vulnerabilities are discovered, which seems to be the case with many IoT companies, they are fixed promptly before users are affected.”

Related posts