Vulnerabilities were recently detected in popular Snoo Smart Bassinet products, from a company that makes smart devices for babies, like cribs. While these vulnerabilities have now been patched, the weaknesses allowed hackers to shake babies and play loud sounds. These flaws highlight the importance of prioritizing security in an IoT project’s lifecycle, namely adopting a zero trust approach to make sure every one of the devices’ actions is authenticated.
To understand the implications of these types of systematic vulnerabilities, Digital Journal caught up with Ben Goodman, CISSP and SVP at ForgeRock, to look at how security flaws in IoT technologies can best be avoided.
Goodman says that: “IoT is revolutionizing industries from agriculture to consumer goods with connected devices – creating a complex web of captured data and command and control information traveling all types of networks.” In relation to this, IDC estimates there will be nearly 42 billion connected IoT devices in 2025.
Goodman explains that “this means organizations producing connected devices must hold themselves accountable for securing the IoT device for the full product lifecycle. Unfortunately, IoT projects often prioritize connectivity and data consumption, with security and privacy as afterthoughts.”
On the lessons to be drawn, Goodman notes: “Companies bringing IoT devices to market must take a zero-trust approach to security, never assuming that a network is secure, and ensuring every single action taken is properly authenticated and authorized. Consider incorporating device authentication and authorization, leveraging root of trust-based signing and encryption, and securing device attestation to make this possible.”
Concluding, Goodman states: “IoT is here to stay. As such, the identities of connected devices, services and users, along with their associated credentials, must be trusted across connected ecosystems.”