| Sensors/Data Acquisition

Sound-Off: The Most ‘Startling’ Discovery in IoT? A Lack of Security

The “Internet of Things” links a variety of devices, from computers and industrial machines to heart monitors and robots. The interconnection also leads to some “startling” data-transfer discoveries, according to one NASA pro.

In March of 2015, John Sprague, Deputy Associate Chief Information Officer of NASA’s Technology and Innovation Division, led the creation of an IoT Lab at Johnson Space Center (JSC).

John Sprague, NASA

The testbed, set up on a dedicated network, allowed users to connect their IoT-enabled devices and evaluate capabilities and performance.

Four subteams were ultimately created to examine four areas of interest: device security; protocols and monitoring; data analytics; and end-user experience.

Along with Frank Scopacasa, Director of the IoT Program Office at the Santa Rosa, CA-based electronics manufacturer Keysight Technologies, Inc., Sprague spoke in a live Tech Briefs presentation titled Utilizing the Internet of Things.

An attendee had the following question for Sprague:

John, in some respect, you’ve been working with and investing in IoT longer than most. What is the most startling thing you’ve found so far?

John Sprague: I’d have to say security. I’m surprised at the lack of passwords. Some devices don’t have any passwords; some have hard-coded passwords.

The most startling thing I’ve found: On at least one of the devices, we found all the data going to Germany.

Another device was hitting a senator’s website, which made absolutely no sense to us. We looked into it a little further, and we figured out that maybe one of the numbers in the Internet Protocol (IP) address were miscoded – an error in the information that was coming out of the device.

Frank Scopacasa: Security is a big deal. There are multiple layers of security when we talk about IoT. Think about the device itself. Can someone get access and hack into the device? The device is then going to connect to the network, so the network has to be secure. Can anyone have access to that network? The data that you’re transferring wirelessly: Is it encrypted data that’s sent over the air, or can somebody intercept and access it? And then there’s the data center, and the handling of the data on the cloud side.

I’m not aware of any specific standard in terms of testing security. There are many different elements of security that you need to consider, and depending on the solution, application, and cloud partner that you’re working with, you’re going to have to figure out how to properly test your security. (Read our 2016 feature article: Learning the 'Keys' of IoT Security.)

Watch the full presentation: Utilizing the Internet of Things

Do you have IoT security questions? Share your thoughts below.