
IoT security issues

This step discusses common IoT security issues.
© RMIT 2023

IoT applications are growing, but security for IoT projects and deployments remains a major obstacle for both organisations and users.

These obstacles include: trusting the identity of the IoT device being connected to, poor testing, vulnerabilities arising from the integration of open-source and proprietary software, unpatched vulnerabilities, weak or default passwords, and vulnerable APIs used to interface a particular IoT device with other applications. Other vulnerabilities of IoT devices include physical tampering (such as the installation of malware), lack of data encryption, and lack of update mechanisms (meaning there is often no way to address discovered vulnerabilities without replacing the device entirely).

Security is an important part of almost every online product or service and yet it is often neglected in the development of IoT devices and systems. Whilst complete security is likely to be elusive given the ever-changing online environment, developers and technology companies need to do all they can to ensure rigorous defences and to make it as difficult as possible for adversaries to penetrate these defences.

With that in mind, there are two important sets of IoT security guidelines to be aware of that assist in designing, developing and deploying secure IoT products – these are the IoT Security Foundation’s Secure Design Best Practice Guides, and the Australian Government’s voluntary Code of Practice: Securing the IoT for Consumers.

The IoTSF secure design best practice

The IoT Security Foundation (IoTSF) is a collaborative, non-profit, international response to the complex challenges posed by security in the increasingly cyber-connected world. The key objectives of the IoTSF include, among others, to improve capacity and the levels of security expertise throughout the IoT sector. The Foundation supports this by developing and maintaining a comprehensive security assurance framework of recommended steps for creating secure IoT products and services.

According to the IoTSF, it is important for organisations to have core security goals and objectives that are aligned with their business objectives and drive their security posture, and to keep those goals and objectives consistently front of mind. When applied with security design best practices, this helps ensure a strong security foundation at the design level.

Want to know more?


A brief overview of the IoTSF defence objectives and security design best practices can be found at:


Watch this IoTSF video that introduces the IoT Security Foundation Best Practice Guidelines for Connected Consumer Products:

This article is from the free online course Security by Design.

Created by
FutureLearn - Learning For Life
