Security Is Your Job

Designing for the Internet of Things

Alasdair Allan
13 min readFeb 26, 2019

--

This is the sixth and final article in a series on designing connected devices, the previous article in the series is “Time to Market vs Common Sense,” and talks about manufacturing as a startup. Links to all six articles can be found in the series overview.

Security has to be one of the first thing you consider when you design a connected device. Consumers are far more sensitive about data generated from things they can touch, and handle, than they ever have about data on the web. Big data is all very well when it is harvested quietly, silently, and stealthily, behind the scenes on the web. Because, to a lot of people, the digital Internet still isn’t the as real as the outside world. But it’s going to be a different matter altogether when their things tell tales on them behind their backs.

Ignoring security for a connected device, or even leaving till later in the development process, is a mistake. It needs to be engineered into your device, and your thinking from the start. These seemingly smart devices are attractive to hackers because for a lot of manufacturers security is still viewed as an afterthought.

It’s well established that most consumers currently treat their home router just like any other piece of electronics and that for many, the password is still the same default passwords the router shipped with from the factory. There’s no reason to suspect that most consumers will treat the coming wave of connected devices any differently. In fact as smart devices take over the home most consumers will treat them in the same way that they treat the dumb devices they’re replacing. Whatever security scheme is implemented by the device should take this tendency into account. If a user’s refrigerator can be recruited into a botnet it’s not going to generate good publicity for the manufacturer.

A Unique Security Problem

--

--

Alasdair Allan

Scientist, Author, Hacker, Maker, and Journalist.