The IoT’s shaky security

Analysis of the Samsung smart TVs data shows the Internet of Things has a long way to go.

Samsung’s spying TV sets attracted headlines that worried many people but until yesterday no-one had looked at exactly what data was being sent by the devices to Samsung.

Pen Test Partners looked at the data flowing too and from Samsung smart TVs and found that yes, the devices are listening and transmitted data back to their – and other company’s – servers.

That is pretty well what is expected, the real concern though is the quality of what’s being transmitted with Pen Test describing it as a mishmash of code with not even a gesture towards security, “what we see here is not SSL encrypted data. It’s not even HTTP data, it’s a mix of XML and some custom binary data packet.”

One of the concerns about the Internet of Things has been the quality and security of the data being transmitted, the Samsung TV shows both are lacking.

For the IoT to deliver the benefits it promises, connections need to be secure and data reliable. Right now it appears the vendors of consumer products aren’t delivering the basics necessary to make the technologies dependable.

Similar posts:

  • No Related Posts

Author: Paul Wallbank

Paul Wallbank is a speaker and writer charting how technology is changing society and business. Paul has four regular technology advice radio programs on ABC, a weekly column on the smartcompany.com.au website and has published seven books.

One thought on “The IoT’s shaky security”

  1. Dear Paul,

    I can agree with you on the security issue, but please don’t call this IoT!

    The Samsung’s more or less Smart TV is one of the many multi-media computers without keyboard sold as a TV. Very interesting and useful devices, but unfortunately the security and privacy problems, already a not completely solved for computers, are amplified by the cost pressure and the lack of an effective gateway/firewall in front.

    But IoT? If this is IoT, then any smart phone is IoT, and even a Supercomputer is IoT.
    Lets reserve IoT for, if I may phrase it this way, intelligent and less-intelligent objects that up to now have not been able to communicate, and that with IoT functionaly added, an with the appropriate infrastructure become communicative at at least some level.

    Adding IoT functionality to for example a suitcase is real IoT.
    A smart phone is a communcationg ICT device in its own right, and at least initially phones were invented to communicate, and more and more ICT was added over time.

    So please don’t mix up things . . .

    BR,
    Cees Lanting
    CSEM (CH)
    Chair of the EPoSS WG Communications for Smart Devices (covering IoT, CPS, etc.)

    Reply

Leave a Reply