Is Your Kettle Spying on You? The Reality of IoT Device Security

3 mins read
IoT security risks Supply chain vulnerabilities Post-quantum cryptography Security-by-design philosophy Quantum cyber-attacks IoT Device Security

IoT Device Security relies heavily on the integrity of the supply chain, necessitating accountability at every stage, from production to distribution. Recent incidents, such as the SolarWinds breach, underscore the repercussions of compromised supply chain practices, exposing thousands of organizations to cyber threats. Bridging the gap between software and hardware security is imperative, especially with the looming threat of quantum cyber-attacks.

Related devices are becoming commonplace in our daily lives, from internet-enabled home appliances to wearables like smart watches. There’s no denying that the technology inside these devices is getting smarter, even though the usefulness of a kettle connected to your home internet system is questionable. But the real question is: To what extent do these devices pose a security risk?

Is Your Kettle Spying on You? The Reality of IoT Device Security -  Infosecurity Magazine

The Price of Unsecurity

Threat actors will always come up with creative ways to exploit undiscovered vulnerabilities and new technologies, and it doesn’t help that 50% of the devices that were shipped in 2020 had security flaws. Due to the lack of security in consumer IoT products available, hackers have been known to infiltrate networks using baby monitors and webcams, and yet completely seize control of intelligent cars.

The supply chain is crucial for ensuring the security of IoT devices at every stage of their life cycle, from production to distribution. The great question is, who is accountable with but little fragmentation? In actuality, everyone must uphold their end of the bargain by giving security at each supply chain link priority. We need regulation throughout the supply chain to hold organizations accountable in order to make sure this happens; otherwise, we run the risk of opening up opportunities for criminals to take advantage of when people do n’t contribute.

When a damaged IT infrastructure company, SolarWinds, shared an afflicted software update with its clients, it was one well-known instance of sabotaged supply chain behavior. The security of thousands of organizations, including government agencies and blue chip companies like Microsoft and Intel, was therefore put at risk when Russian cybercriminals were able to access exclusive company files through a backdoor in the update.

There is a chance for malicious actors to intercept and manipulate device functionality or inject malware because data is exchanged between each link in the supply chain, especially during device programming and testing. Additionally, there is a sizable gap between software security and hardware security. There are many hardware security options available, but it can take a month for businesses to get started using them because it is so difficult.

Malignant actors will be able to boost the effectiveness of these attacks with significantly more potent computers at their disposal thanks to the development of quantum technology. By implementing post-quantum cryptography security solutions, where crypto algorithms use this emerging technology to stay ahead of attackers, businesses can reduce the risk of quantum threat.

Collaboration is Important for IoT Device Security

The effects of quantum technology are enormous. As a result, governmental bodies are crucial in establishing standards and regulations for IoT security because they serve as the link that binds producers and consumers up and promote collaboration. For instance, since 2016, NIST has been attempting to create a post-quantum cryptography standardization process to combat the threat.

Nevertheless, getting everyone to sing from the same hymn sheet can be challenging. Consumers prioritize convenience, manufacturers prioritize profitability, and regulators simply want everyone to abide by the law. It can be difficult to strike a balance between these interests, and when it does, it can create weaknesses that attackers can and will use to further their individual objectives.

Because of this, it is crucial that businesses focus more on Wifi security. Heads are frequently buried in the sand, presuming that another supply chain member will solve the issue. Organizations can evaluate the technologies that are applicable to improve It security more easily if they have a solid understanding of the law and standards, and having certified guidelines in place will encourage businesses to follow accepted standards of security.

Killer kettles show security an afterthought for connected homes | New  Scientist


Bad design is frequently exploited by malicious intent, but also unintentional data leakage caused by ineffective security controls can have serious repercussions for both consumers and vendors. As a result, it is essential that IoT services and devices have security built in from the start. Instead of attempting to add a security-by-design philosophy as an afterthought, we must embrace it.

Security is a top priority in this method of creating IoT devices from the very beginning of the product’s design and development. It embodies a strategic mindset where security considerations are an essential component of the device’s lifecycle, from conception to deployment.

Consider the chip, the software, and the device as layers on an onion. The chip must be certified, the software must use the chip in a certain way, and the device maker must implement these two layers without violating the entire security model in order to achieve security. The only way to successfully reduce the risk of a breach is to ensure the highest level of security at each stage of the IoT lifecycle as technology develops and cybercriminals use this to expand their strategies.

Although the threat posed by a related kettle may seem negligible, as we all know, just one weak entry point is necessary for an opening to form. Malignant actors will now be preparing to take advantage of the potential for quantum cyber-attacks on the horizon. If we want to stay away in the fight against criminals, it’s more crucial than ever that organizations become aware of the problem and take control of their networks by embracing quantum-proof security measures.

Leo Portal

Leo is an expert in the field of smart city research and an overall tech-enthusiast with an emphasis on smart energy, IOT, smart homes and governance. After a master degree in international administration at the University of Gothenburg in Sweden, and a master in public management at Fudan University in China, he pursued research studies in the field of smart cities at the European University Institute. This led him to publish multiple articles on smart cities. Among them “Using Smart People to Build Smarter: How Smart Cities Attract and Retain Highly Skilled Workers to Drive Innovation (Belgium, Denmark, the Netherlands, Poland)” published in the Smart Cities and Regional Development Journal (SCRD) and “Establishing Participative Smart Cities: Theory and Practice”, also published in the SCRD Journal. He regularly audits and advises municipalities and regional governments on their smart city strategies. He is currently writing a chapter for Springer on smart mobility in French smart cities.

Leave a Reply

Your email address will not be published.

Previous Story

Vienna-based HYDROGRID bags €7.7M to help hydropower plants digitise and run effectively

Salton Sea lithium deposits Renewable energy minerals Lithium in battery technology US lithium supply chain Economic impact of lithium discovery
Next Story

Huge lithium deposits discovered in California’s Salton Sea

Latest from Other

Don't Miss