NEWS AND VIEWS

Comment: Manufacturers need to design internet-connected devices with security in mind

  • Learn more by visiting an itSHOWCASE Software Discovery Day at a venue near you

    Register Me

Padlock on laptop keyboard

Commenting on the security vulnerabilities uncovered in smartphones, internet-connected TVs and other devices, Martijn Verbree, partner in KPMG’s cyber security practice…

It may come as shock but security vulnerabilities exist in pretty much every internet connected device.  When internet connected devices are made, security may be an afterthought in the design process and not part of the initial thinking. Many connected TVs were designed to be TVs first and then with some computing functionality, an operating system, apps, a few sensors and Wi-Fi connection bolted onto it.

The lack of security by design will change over time when the industry matures: we have already seen this take place with smart phones, which are now a lot better protected and better patched, although far from secure.

Related post:  Four major signs that you need to change IT providers

The vulnerabilities uncovered pose a low risk to the general public at the moment.  However, you can imagine that a lot of security folks will try to reverse engineer it right now – including criminals, hostile nation states, universities etc.  With the exploits most likely requiring a piece of malware to be installed on the TV itself – either through physical access, or the consumer clicking on a bad link or by downloading an infected app – it makes it relatively hard to target specific individuals.

Fixing this will be hard and the most likely fix will be via a software patch. But the challenges are, what other vulnerabilities already exist and how manufacturers get the patches out?  Yes, some TVs are internet-connected and could have the firmware updated remotely.  However this typically requires some consumer intervention and that being manually done by a consumer isn’t easy to achieve.

Related post:  Brexit has already cost more than the International Space Station – and it’s still rocketing!

Vendors will need to take responsibility and provide fixes to vulnerable devices, even if they’re over their normal warranty period.

You might also like:

  • Azzure IT

  • Epicor

  • Medatech