Avatar photo

Freelance journalist

Author Bio ▼

Experienced freelance B2B journalist and editor, specialising in fields of renewable energy, energy storage, smart grids and nanotech.
March 16, 2017

Download

Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

Internet of things

Security usually an afterthought in design of IoT devices, says KPMG’s cybersecurity practice

Gadgets and appliances that connect to the internet are not being designed with security in mind, according to global consultancy KPMG.

Commenting on the security vulnerabilities that have been uncovered of late in smartphones, internet-connected TVs and other devices, Martijn Verbree, a partner in KPMG’s cybersecurity practice, said security vulnerabilities exist in most internet-connected devices on the market today.

According to his findings, when internet-connected devices go into production, security is often an afterthought in the design process, whereas it should be a key criteria from the outset.

As an example many digital TVs have been designed with some computing functionality, such as an operating system, apps, sensors and Wi-Fi connection bolted on.

Verbree said: “The lack of security by design will change over time when the industry matures: we have already seen this take place with smart phones, which are now a lot better protected and better patched, although far from secure.”

While vulnerabilities uncovered by KPMG’s research pose a low risk to the general public today, reverse engineering can lead to a piece of malware being installed in an internet TV, for example by the owner downloading an infected app.

“Fixing this will be hard and the most likely fix will be via a software patch. But the challenges are, what other vulnerabilities already exist and how manufacturers get the patches out?” he said.

He urged vendors to take responsibility and provide fixes to vulnerable devices, even if they exceed the warranty period.

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

IFSECInsiderPodcastLogo

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Topics: