The Rising Concern of Cybersecurity in IoT Devices
Internet of Things (IoT) security: Assessing the impact of the US Cyber Trust Mark
In the span of fifty years, computing equipment has seen remarkable advancements. Today, consumer devices, such as video cameras, baby monitors, smart thermostats, doorbells, voice assistants, and even color-changing light bulbs, double as miniature computers connected to the internet. These devices collectively known as the 'Internet of Things' (IoT) have become inexpensive yet capable of gathering and autonomously uploading intimate personal data. Given the surge in popularity and low cost of these devices, concerns regarding their security have grown.
Cybercrime, primarily in the form of malware, has been a significant issue since the 1990s when viruses like Melissa and the Love Bug spread worldwide via email. In response, cybercriminals began seeking ways to make illegal profits through software-based cybercrime methods like banking Trojans and keyloggers. As a result, cybersecurity has become an indispensable aspect, and software manufacturers have taken proactive measures to fortify their systems.
Unfortunately, IoT devices were not immune to the neglect of cybersecurity measures during their development. In the 1990s, mass-market operating systems like Microsoft Windows lacked essential defenses against remote exploitation. The absence of data execution prevention (DEP), buffer overflow detection, and address space layout randomization (ASLR) exposed these devices to remote code execution vulnerabilities. Moreover, sloppy memory management often led to exploitable bugs that persist even today.
While proactive protections like DEP, ASLR, and others have become standard in modern operating systems, exploitable vulnerabilities continue to emerge in IoT devices. The budget-conscious market for these devices raises questions about the level of investment allocated to security in their design and development. Moreover, it is difficult for consumers to determine if unpatched and potentially dangerous bugs affect their devices, as many seemingly independent vendors sell identical devices based on the same hardware and software, making it challenging to discern differences among them.
In a bid to enhance online safety, the US government has launched the US Cyber Trust Mark for consumer connected devices. Vendors that pass a series of basic tests led by a chosen third-party administrator will be allowed to display a Cyber Trust Mark on their products. Products displaying this mark must provide a web link to online documentation detailing the steps users must take to set up the device securely. While this initiative is a positive step forward, more work is required to compel manufacturers to prioritize security in the development of IoT devices.
As consumers, it is imperative to take a proactive stance in safeguarding our devices. If in doubt, it is advisable not to install an insecure IoT device on your network. Seek advice from a trusted technical friend before purchasing a device to avoid potential cyber threats.
Paul Ducklin, a seasoned expert in the cybersecurity industry, asserts that cybersecurity remains a crucial aspect in securing our devices. Ducklin warns of the importance of staying vigilant and seeking advice from trusted sources in an effort to combat the growing threat of cybercrime.
Image source: Gavin Allanwood via Unsplash
Cybersecurity remains a vital component in securing IoT devices, given the increasing threats posed by cybercriminals in the finance and technology sectors. As Paul Ducklin, an industry expert, advises, it's essential to remain vigilant and seek advice from trusted sources to combat the growing cyber threat. The US government's Cyber Trust Mark initiative is a positive step towards enhancing online safety, but more efforts are needed to ensure manufacturers prioritize security in IoT device development.
%20security%3A%20Assessing%20the%20impact%20of%20the%20US%20Cyber%20Trust%20Mark){kind=link}