Internet of Things Connected Devices Are Inherently Insecure, Say Tech Experts

January 24, 2021 –Internet of Things  connected devices are inherently unsecure, said Scott Poretsky, director of security at Ericsson, speaking at a Federal Communications Bar Association event on Thursday. Resolving the security risks is all the more pressing with the coronavirus pandemic having g

Internet of Things Connected Devices Are Inherently Insecure, Say Tech Experts
Screen shot of Steve Augustino, Partner at Kelley Drye & Warren LLP moderates a discussion with Scott Poretsky and Rafi Martina.

January 24, 2021 –Internet of Things  connected devices are inherently unsecure, said Scott Poretsky, director of security at Ericsson, speaking at a Federal Communications Bar Association event on Thursday.

Resolving the security risks is all the more pressing with the coronavirus pandemic having generated great interest in enabling people to work in situations without being physically present.

A major sector of growth in IoT technologies is in health care, with virtual telehealth appointments and devices connecting patients with their doctors.

Unlike the common smartphone, IoT devices are not built with the same general-interest purpose in mind. IoT devices such as a smart toothbrush are only built to do a specific task. Hence that enables a long battery life.

Because IoT devices are built with such specific tasks, they lack powerful processing power. That leaves them vulnerable. And limited processing power means IoT devices don’t have room for security features. Too many open ports and too few layers of security, including mass-produced factory password settings, are wide open to cyber-attacks.

Additionally, low-cost devices infrequently receive firmware updates and software patches to fix security threats leaving consumers helpless.

Users of IoT devices need to know and do more to protect themselves from cyberattacks. Legislation has been passed to boost cybersecurity for IoT devices, said Rafi Martina, senior policy advisor for Sen. Mark Warner, D-Virginia.

Warner introduced the now-passed Internet of Things  Cybersecurity Improvement Act. It requires the National Institute of Standards and Technology (NIST) to issue recommendations addressing secure development, identity management, patching, and configuration management for IoT devices.

Martina said vendors need to stop bad developer practices, close unnecessary open ports, and enhance support for security in devices that range from internet-connected home video cameras to light bulbs, doorbells and other home appliances.

According to the FCBA session description for the event:

A defining characteristic of the Internet of Things (IoT) is that devices are capable of communicating with each other and the world at large.  As these “always connected” devices are more broadly deployed and handle more complex tasks, protecting the security of these devices becomes more difficult.

Moreover, security is not the responsibility of any single entity in the ecosystem alone, requiring a layered approach to cybersecurity.  In this program, speakers will discuss what is being done by the industry and the federal government to improve cybersecurity in IoT.  We will discuss ways to establish transparency, traceability and trustworthiness in IoT ecosystems and the role the federal government plays in IoT security through the IoT Cybersecurity Act of 2020 and NIST’s Cybersecurity for IoT program, among others.