IoT security is the area of endeavor concerned with safeguarding connected devices and networks in the Internet of things (IoT).
The Internet of things involves the increasing prevalence of objects and entities – known, in this context as things -- provided with embedded systems, unique identifiers and the ability to automatically transfer data over a network. Much of the increase consists of devices other than computers, like household appliances, smart TVs and hardware components.
The main problem is that because the idea of networking appliances and other objects is relatively new, security has not traditionally been considered in product design. Products are often sold with old and unpatched embedded operating systems and software. Furthermore, purchasers often fail to change the default passwords on devices -- or if they do change them, fail to select sufficiently strong passwords.
Security experts have warned of the potential risk of large numbers of unsecured devices connecting to the Internet since the IoT concept was first proposed in the late 1990s. In December of 2013, a researcher at Proofpoint, an enterprise security firm, discovered the first IoT botnet. According to Proofpoint, more than 25 percent of the botnet was made up of devices other than computers, including smart TVs, a refrigerator and other household appliances.
Alan Grau of Icon Labs discusses IoT security: