By now, it’s no secret that Internet of Things (IoTs) security is a mess, nor is it a mystery why. IoT represents something of a renaissance for multiple industries and verticals. Hundreds−perhaps even thousands−of organizations are tapping into technology like connected sensors and cloud platforms to deliver a better experience to their users.
You’ve already seen many such products on the market. Smart refrigerators that detect when you’re out of milk. Smart TV systems that respond to voice commands. Thermostats that allow you to control the temperature and humidity in your home from your smartphone. And there are many enterprise applications, as well.
This stuff is all awesome, and it only represents the tip of the iceberg. The IoT can do much, much more. There’s just one problem.
Very few manufacturers have any concept of cybersecurity where product design is concerned. Historically, it's not something they've ever really had to bother with, aside from the basic internal stuff. And that means scores of products are hitting the market laden with vulnerabilities.
Vulnerabilities that can be used to do some really scary stuff, like create botnets large enough to take down massive ISPs.
“The ease with which hackers can exploit security vulnerabilities in these cheap and plentiful devices to enslave them into million-strong zombie armies is disturbing,” writes Justin Warren, Chief Analyst at PivotNine Consultants and Advisors. “It threatens the reliability of the Internet upon which millions of people have come to depend.”
DDOS attacks aside, IoT devices represent a wide range of other vulnerabilities, as well. An unsecured coffee machine can infect an entire network with ransomware or serve as a doorway for a hacker looking to exfiltrate data. And the damage that can be caused by a hacked IoT device has been well-documented.
The prevailing narrative is a grim one. There’s no easy solution to these problems. Legislators and regulators are, as always, going to take a long time to catch up to technology, and in the meantime, manufacturers will continue to rush products to market with little care for whether they’re vulnerable.
What if I told you there’s a solution on the horizon?
You’ve doubtless heard of blockchain, the ‘distributed ledger’ tech that acts as the under-the-hood infrastructure for cryptocurrency like bitcoin. How it works is deceptively simple. In blockchain, the records in a data chain are distributed across multiple systems.
Each time someone wants to add a transaction to the chain, it must be approved by all participants involved with the chain - each node in the system must validate each new transaction. Eventually, a set of approved transactions is bundled into something known as a ‘block,’ and then added to the chain.
Each block additionally contains a hash from the previous block, linking everything together. That's cool and all, but what does any of this have to do with IoT? Everything.
Security, privacy, and verification are foundational elements of IoT security, as is scalability. These are all things blockchain provides - and in a decentralized fashion that’s well-suited to the distributed nature of the Internet of Things. Per the Forbes Technology Council, a specialized blockchain could provide a few very valuable things to connected devices:
- A distributed system of record to ensure data integrity can be maintained across a network
- The ability to easily automate interactions between system nodes
- Hash-based security to better protect both nodes and devices
- A consensus-based model for detecting bad actors and applying threat mitigation
- The ability to record metadata and determine the decision trees of each IoT device in a network
- The ability to publish secure software updates via blockchain
- Better security for automated payments and micropayments
Blockchain might not be the golden goose to all of IoT’s security roles. But at the very least, it will prove invaluable in addressing data privacy and protecting data streams across connected devices. It’s a good first step - even if there’s still a long way to go.