This article was first published in the May 2016 issue of WIRED magazine. Be the first to read WIRED's articles in print before they're posted online, and get your hands on loads of additional content by subscribing online. For more stories from WIRED's Security issue, click here.
Security in the world of the internet of things is a bit like climate change: we know we need to act now to avoid a long-term disaster, but we don't know how to go about it. The "things" in the IoT are small, often invisible, and have not-so-powerful processors and little memory; there are a lot of them and they'll be left unchecked by humans for years.
The physical characteristics of IoT devices are very challenging. Because nobody checks on them, how confident can we be that nobody messes with them? Tamper-resistant designs need to become more innovative and mainstream to make sure we have confidence in the devices and their data. Additionally, these devices do not have a physical user interface, so how do we control them or switch them off?
The really hard questions, however, pertain to wireless connectivity. Many IoT devices transmit very little information. Indeed, data packets have become so short that some of our most fundamental crypto algorithms wouldn't fit any more. And if the scenario of sensors measuring data is stressful, imagine the security problems we will have in the downstream - for example from a control centre connected to actuators, drones and robots?
As the IoT develops, the entire security ecosystem will need to adjust. Hackers will need to learn new skills but - given the many more points of vulnerability - they will find it easier to cause havoc. Antivirus software companies will also need to reinvent themselves; to start with, there is not enough memory on these embedded devices to accommodate large antivirus software packages. We have experienced relatively few IoT hacks, not because the system is safe but because there aren't that many devices yet, and even fewer hackers or incentives. But come some real value, we had better get the IoT secured globally.
Oh, yes, did I mention quantum computers? Once operational - and they will be in the not-so-distant future - they will easily break any of our traditional security cyphers. I am sure we will find a patch, but what I can't see happening is anybody fixing the trillions of IoT devices which are meant to be out there for decades. These are the same devices that control our traffic lights, pacemakers, car brakes and our nuclear power plants' fuel levels.
Mischa Dohler is a IEEE Fellow; professor in wireless communications at King's College London and the co-founder of Worldsensing
This article was originally published by WIRED UK
