Security standards being forgotten in IoT stampede, says expert
Ethical hacker says resellers looking to exploit IoT opportunity should help customers roll out network access control
An ethical hacker has urged firms to implement network access control (NAC) as he warned of the growing security threat posed by the Internet of Things (IoT).
Speaking during a Q&A session for the upcoming CRN Security Summit, Ken Munro, founder of Pen Test Partners, claimed that security standards are being forgotten in the stampede to get IoT devices to market.
Munro is also on the board of the Internet of Things Security Foundation, a not-for-profit organisation formed last September with the mission of securing the IoT to aid its growth.
Munro described how he has hacked into a range of IoT devices including a wireless kettle and a child's doll, making the latter swear.
Register here to see the full five-minute Q&A, which will be screened this Thursday as the final session of the CRN and Channelnomics Europe Security Summit.
"Lots of new products are being rushed to market by manufacturers keen to exploit the rush to make everything internet enabled - and they are not quite getting security right along the way," Munro said.
"Whether it's failing to secure a consumer's WiFi key on an IoT device, or exploiting a corporate network through someone putting something clever onto its network, IoT is a really interesting opportunity for hackers."
According to Gartner, by 2020 13.5 consumer "things" will be connected, while in the enterprise, there will be 7.2 billion IoT devices.
Munro said resellers looking to exploit the IoT security opportunity should be helping customers crack down on which devices connect to their networks.
"Isn't it lovely when someone comes into work with a new toy and says 'I can boil the kettle in the office kitchen from my phone?'," he said. "But you have to be very aware of that and make sure someone isn't accidentally, and with the best intentions, putting a back door in your network."
He added: "NAC can stop people putting things on your network that you don't want to be there, so I strongly recommend [end users] do it."