The Internet of Things (IoT) technology has the potential to revolutionize our everyday lives. In fact, it's already doing as much in many parts of the world and quite a few industry experts are predicting IoT will be the key component of the next tech revolution. However, with great popularity comes great responsibility. The rising number of active IoT devices worldwide directly translates to a growing number of potential targets for malicious hackers. As time goes on, this problem is gradually becoming more apparent, and many industry professionals have already called for improved IoT security, adding how there isn't another way to combat the rising number of botnets, networks of hacked, "zombie" devices used for distributed denial of service (DDoS) attacks.
Earlier this week, one of the largest global authorities on the IoT technology chipped in on the issue. Namely, the Broadband Internet Technical Advisory Group (BITAG) — an initiative established by many Silicon Valley giants such as Google, Intel, and Microsoft — published a set of guidelines designed to improve the overall level of security of IoT devices. BITAG's report on the technical aspects of the IoT technology states that IoT devices raise some unprecedented security and privacy risks, primarily because they're often used by consumers who either aren't tech-savvy or simply aren't bothered by potential risks. The document goes on to explain how compromised IoT devices affect not only their owners but also everyone else who shares their network and can potentially cause even more harmful effects if they become a part of a botnet.
The guidelines laid out in BITAG's release primarily focus on prevention of such issues. The organization strongly suggests IoT manufacturers ship products with up-to-date software and a built-in system of automated security updates. The document goes on to explain how strong authentication measures must be enabled on IoT devices by default, i.e. consumers should be forced to create a custom password for their devices before they get to use them. The last particular security measure suggested by the documents states that manufacturers should ship IoT products which are unreachable via inbound connections, at least by default.
BITAG also suggested some more general guidelines regarding IoT security. Among other things, the alliance highlighted the importance of following modern cryptography practices and conducting penetration tests on multiple configurations of IoT devices. Of course, given how BITAG isn't a government agency, none of these guidelines are actually enforceable. However, they could prove to be a valuable framework for legislators once they get to enacting a stricter regulatory landscape for the IoT industry.