Alexei Balaganski - The Sorry State of Consumer IoT Security and How Can We Possibly Fix it
The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.
For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attack using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.
As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.