Three IoT security lessons to learn from Jeep hackers

Last updated: 26 January 2023

IoT security 08.07.16

Last year, hackers demonstrated to us how the IoT, when unsecured, can be used to hack a Jeep remotely while it’s in the middle of a highway. A scary scenario. It served as a wake-up call for many in the automotive industry, especially those at Jeep who promptly issued a patch for the vulnerability.

Since then, the company behind the Jeep hack, IOActive, has come out with a survey claiming that nine out of every 10 IoT devices on the market today have not been designed with adequate security. These figures are concerning and should serve as a reminder to everyone how we must strengthen our commitment to IoT security. Below, we list out the three key lessons we must learn about IoT security practice and policy.

  1. Security must be the number 1 priority for IoT

The potential of the IoT is seemingly unlimited – new innovations are being made every day. This is brilliant for the IoT market as a whole; however, security thinking must be properly integrated into the innovation process. Currently, many IoT developers choose (understandably) to work in an agile manner, in an off-network sandbox which enables them to experiment and innovate more rapidly. In this environment, security is often an afterthought, and is not implemented until the later stages. It’s important we recognize that secure products need to be built with security in mind from the ground up – security solutions shouldn’t just be added on at the end of the process. Instead, securing the device should be the first pillar.

  1. The onus of responsibility should be with manufacturers/developers, not with end users

Some companies have resorted to including disclaimers with their products to ensure they’re not held liable for any security exploits. This sets a dangerous precedent; one that passes on the responsibility to end users. Of course, end users should be encouraged to be responsible and take all the care they can… but this can’t relieve the manufacturers of responsibility. If IOActive’s figure of nine out of 10 devices being vulnerable is accurate, we can’t expect end users to be bridging the gap.

  1. We need to keep driving IoT security innovation

The IoT, on many levels, is about discovering new ways of doing things. This means new form factors that we haven’t used before – this could also mean new attack vectors for hackers. For example, USB or OTA software updates for vehicles provides a new attack vector for criminals – we need to ensure we find ways to secure against these possibilities. In short, we’ll need new solutions to protect against new opportunities for exploitation.

 

Join Gemalto for an IoT Security Webinar

Securing the IoT – How to build a foundation of Trust

Tuesday, July 12th, 2016: 17:00 – 18:00 CEST

To learn more about Gemalto’s IoT security approach and how to build a foundation of trust for your solutions, register to attend our complimentary Webinar on Tuesday, July 12th at 5pm CEST.

Register for the complimentary webinar!

Unsurprisingly, given the third lesson above, innovation is very important to us here at Gemalto. That’s why we are proud sponsors of the Security Award at the IoT/M2M Innovation World Cup this year, for the second time. Through this, we hope to bring forward our message of bringing trust to the IoT. Eligible contestants can apply to receive a free Cinterion® Concept Board to fast-track their innovations and receive free support in the Gemalto Developer Community. Once a greater trust is established, the opportunity for businesses to Connect, Secure, and Monetize the IoT will be better than ever. For more info on this, see here.

IoT security in text image 08.07.16

What do you think the key lessons to be learned from the IOActive survey are? Let us know by tweeting to us at @Gemalto, or by posting a comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *