With IoT adoption soaring, security is a big concern. Source: Shutterstock

With IoT adoption soaring, security is a big concern. Source: Shutterstock

Can the FIDO Alliance help IoT device makers build-in more security?

CONSUMERS and businesses are increasingly using “connected” internet of things (IoT) devices to make life easier — albeit at great risk to their own and their organization’s security.

IoT devices are often unprotected or poorly protected, making them vulnerable endpoints for hackers looking to gain access to homes and corporate networks for a variety of purposed.

While these IoT devices are incredibly affordable and convenient, making meteoric sales growth possible, they could lead to significant financial losses for users in every sphere.

Gartner forecasted that by the end of next year, we’ll have 20.4 billion connected things. As growth continues, by 2025, IDC predicts that 41.6 billion IoT devices will generate 79.4 zettabytes of data.

Obviously, the pace of change is accelerating as far as IoT devices are concerned — despite the security risks.

Recently, the FIDO Alliance, an industry body formed in 2012 with members such as Google, Facebook, Bank of America, Amazon, Amex, and vendors such as Hitachi, Huawei, LG, NEC, Verizon, announced that a new technical working group (TWG) has been formed to establish guidelines and certification criteria and make IoT devices safer.

According to the body, the lack of IoT security standards and typical processes such as shipping with default password credentials and manual onboarding leave devices, and the networks they operate on, open to large-scale attacks.

The IoT TWG aims to tackle this issue by providing a comprehensive authentication framework for IoT devices in keeping with the fundamental mission of the Alliance – passwordless authentication.

A press release issued by the FIDO Alliance confirms that the IoT TWG will develop use cases, target architectures and specifications covering:

  • IoT device attestation/authentication profiles to enable interoperability between service providers and IoT devices
  • Automated onboarding, and binding of applications and/or users to IoT devices
  • IoT device authentication and provisioning via smart routers and IoT hubs

While industry experts believe that this is a great initiative, there is a bit of skepticism as something like a security standard is quite a challenging thing to develop and claim, with a certain degree of confidence, that adhering to the standard will offer some safety against bad actors.

For businesses, this is quite serious as IoT cameras, connected smart assistants, and other appliances are making their way to factories as well as corporate offices — increasing the vulnerability and surface area of attacks.

With the FIDO Alliance (and its influential members) driving the project, businesses hope to at least work towards a more concrete solution to security as IoT continues finds more common applications.