Can Google make the Internet of Things more secure?

Google and other tech giants have come together to create a list of recommendations for IoT manufacturers to make the items more secure.

Google is headquartered in Mountain View, Calif.

Marcio Jose Sanchez/AP/File

November 23, 2016

If you are a modern consumer with a penchant for modern technology, it is likely that your thermometer is connected to it. So is your stereo, and maybe even your car. But is the Internet of Things secure?

A new report by the Broadband Internet Technical Advisory Group (BITAG) released on Wednesday addresses security and the Internet of Things (IoT). The group of industry leaders and academics offered recommendations to policy makers, device manufacturers, and consumers to help protect security in the future.

"It's definitely an ISP (internet service provider) problem as well as a consumer and a device manufacturer problem," said Princeton University computer science professor Nick Feamster, according to Phys.org. 

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

“When we talk about insecure IoT devices, we can talk about securing the devices, but we can also take a complementary view and say, 'Let's assume the devices may be difficult to secure and it may be difficult to follow these recommendations – maybe there's a role for in-home networking technology to basically firewall or segment to protect these devices from each other or from the rest of the internet.'"

Internet connected devices are ever more an integral part of daily life in the modern world, but in the bustle of daily life, many users forget or neglect to update the software on those devices. That simple omission can leave devices vulnerable to hacking – a significant threat in an age when our devices know quite a lot about us.

For that reason, BITAG directed this week’s report primarily at policy makers and device designers – human nature, report authors said, is to trust devices and let little things such as poor passwords or software updates slip by. For that reason, it is up to policymakers and device manufacturers to design out human carelessness and protect security.

“It is safe to assume that most end users will never take action on their own to update software,” wrote BITAG in the report.

BITAG authors therefore recommended that device makers build in automatic, over-the-air updating tools that take the responsibility for necessary updates out of the hands of users.

Internet-connected devices are not only privy to a great deal of personal information, but they are also easily hacked by individuals who want to bring the internet to a standstill. Just this fall, hackers used home devices to slow internet traffic along the East Coast.

The interconnectivity of IoT devices is also a sticking point for security experts, who say that better segmentation in household networks could help isolate security threats when one or more individual devices are weaker than others.

Other recommendations include best practices for data encryption and communication authentication.

Some of the report’s authors are concerned that because many of the report’s findings seem so common-sense, it will be hard for people to take them seriously. But experts say that it is important to heed this advice, even if it is costly.

"Some of these recommendations sound obvious but it's not so obvious that they should go one way or another," Dr. Feamster said. "Take secure over-the-network software updates – and the ability to update credentials on a device – those sound like basically good ideas. But there's obviously a cost to doing that: what do you do about that when the cost of the device is 99 cents, so the cost of updating it may exceed the cost of deploying it?"

Report writers say that they hope that connected device manufacturers will heed their recommendations, as well as policy makers.

"I also think it could serve as a little bit of a call to action to the IoT device manufacturers to try to figure out how they can band together and try to develop some kind of certification programs for security."