IoT and Security: Is Your Worst Nightmare a Doll Named Cayla?

Posted by David Weber on May 3, 2017 at 5:00 AM

IoT is growing at an exceedingly rapid pace. According to McKinsey, the technology is on track to be a potential $11.1 trillion industry by 2025. Why so fast? Unlike other paradigm shifts, both businesses and consumers welcome the advances (who can live without a smartphone today?) and aren’t overly concerned about security issues, at least not yet. That has made adoption of new IoT technologies a relatively seamless process, and has further fueled the sector’s growth. That’s the good news. The bad news can be summed up in this video from the BBC, which truly is chilling on many levels.

As demonstrated, an innocent-looking IoT-enabled doll named Cayla overrides a highly secure, IoT-enabled home security system, giving intruders/hackers carte blanche—with no outward signs of a break-in at all.


Why should this be of concern (besides the obvious)? Here are some reasons.

  • In the rush to deliver IoT devices, it’s tempting to make security a lesser priority. From the legendary Titanic to breaches at Sony Pictures, Target stores, and endless others, people have a tendency (if not the arrogance) to assume that technological advances are safe, even when proven otherwise. Just look at consumer indifference to the unnerving Jeep hacking scandal, and how the manufacturer assumed the vehicle was foolproof in the first place.
  • People currently view most IoT-enabled devices/products as just ‘cool’ versions of what they already know. They have little or no concern for security because they trust their devices, or at least the infrastructure behind the devices. If that trust is broken, it could devastate entire industries (toys, home security, HVAC, etc.).
  • Although the legalities will be disputed, courts ultimately may hold service providers liable for IoT-related security breaches, mainly because they have the deepest pockets. Small and mid-size players could be forced to exit the market simply because the liability risks will be too great.
  • The scale of attacks could be unprecedented, overwhelming a service provider in seconds. Like the evil plot of a James Bond villain, imagine 100,000 Cayla dolls deactivating home security systems and other devices all at once, literally turning a service provider into the key to the city.

All, however, is not gloom and doom. As they say, forewarned is forearmed. In the IoT world, that means examining how secure your operations really are, today, starting with your network.
