Telenor Connexion discuss complexity of IoT threats, highlighting need for robust security

Over the last couple of years, numerous reports have focused on the huge potential value of the IoT. But as the IoT becomes more reality than concept, analyst houses and industry experts are shifting their emphasis away from the economic and social opportunity, towards the more practical impediments that may inhibit its growth.
The two prime issues here are privacy and security, both of which are now being widely reported in mainstream media, leading to unprecedented levels of scrutiny over the IoT’s scope. In a recent interview, Jimmy Johansson, Information Security and Privacy Officer of Telenor Connexion, discussed threats and resolutions to security and privacy in the IoT.
In his view, consent and transparency are key to consumer faith in the IoT: ‘Be very honest and clear about what information is collected, processed, analysed, stored (including for how long), and how it is eventually destroyed. It is also important to detail in what way it might be processed, analysed, stored, shared, or sold to a third party.’ Companies need to take a realistic approach to privacy agreements, and be very clear and concise with users about what they are consenting to. It is common today that legal text state that terms can change without notice and it is up to the end user to update themselves – in reality, consumers do not have time for this, and as a result their confidence in digital services weakens.
For Johannsson, there are common misconceptions about how to secure the IoT – the industry needs to understand that a vulnerability in one device platform can lead to several hundred million IoT devices being comprised, potentially leading to denial of service attacks and theft of log-in credentials or even bank details. This of course requires all companies in the IoT to work together and understand common threats.
Telenor’s expert also raised other practical issues that will invariably affect consumers such as the purchase of second hand IoT devices: ‘When I buy a house and I get the keys to the door, how can I be sure that the previous owner does not have any access to, or control of the alarm system, cannot turn off the heat or my fridge, or watch my family and our guests having dinner on a Saturday evening?’
In the field of smart cities, there are even greater complexities to consider. For example, how will we solve governance in an environment where many products and services interact with each other and share communication paths? How will the many attack surfaces be monitored, and how do we conduct a security assessment or penetration test of a smart city?
A growing number of industry experts are calling for greater focus on securing the IoT. Telenor and other mobile network operators are taking a lead role in securing the IoT, with the GSMA having produced an initial draft of its ‘IoT Security Guidelines’, designed to help the industry establish a common understanding of security issues, establish best practise and provide recommendations on how to mitigate common security threats and weaknesses. For more information on the GSMA’s work on securing the IoT, please visit our Security Guidelines page.
The full interview with Jimmy Johansson and experts from Kaspersky Lab and Ziggy Creative Colony can be viewed here.