BITAG issues Internet of Things (IoT) Security and Privacy Recommendations report. Image: Rivial Security.

The Broadband Internet Technical Advisory Group (BITAG) issued a new report titled ‘Internet of Things (IoT) Security and Privacy Recommendations’ this Wednesday. The organization is looking to provide comprehensive security solutions for IoT users.

The 43-page document counts with insights from a variety of experts in different fields, and it tackles on some issues currently affecting the state of the Internet of Things.

BITAG’s report arrives as the world turns increasingly worried in the face of a massive IoT threat. In recent months, new dedicated malware has surfaced online to use IoT devices as minions in large DDoS attacks.

Smart and connected devices are a cyber security national concern. The Trump administration has said it would double down on safety in all fronts, including the Internet.

What are the big problems with the IoT?

BITAG is a non-profit organization dedicated to analyzing Internet issues and developing integral solutions to deal with them.

The new report brings together several experts from the telecom and consumer tech industries, as well as academics and specialist groups on the Internet of Things.

The BITAG panel stated in a preliminary remark that “rudimentary security and best practices” guidelines were not enough nor appropriate for IoT users if they truly wanted to stay safe.

That said, the advisory group noted IoT devices were subject to security vulnerabilities due to the outdated software they use. This oversight makes them prone to breaches and malicious usage.

A Distributed Denial of Service (or DDoS) attack is a systematic assault performed by a hacker. Image Source: Chicago Tribune
Thousands of unprotected IoT devices become the launching platform for DDoS attacks. Image Source: Chicago Tribune

Moreover, connected devices interact using unencrypted communications, as well as unauthenticated channels that make them vulnerable, and leaves the entire network exposed.

IoT devices are also rendered virtually useless when there are no connections available, and this poses a security concern as well. Some of these connected gadgets like home alarms may rely entirely on the internet to work.

BITAG says the industry’s “best practices” are not enough

By their previous observations, BITAG then outlined a series of security recommendations that go beyond what the industry deems as “best practices.”

BITAG experts suggest manufacturers should ship IoT devices with modern software and provide frequent updates at accessible rates. The group also points out these gadgets should have stronger authentication methods and undergo more rigorous testing.

Furthermore, these devices ought to meet and follow security and cryptography standards, including the implementation of personalized access credentials on each instrument, and secure, encrypted communications.

In spite of being dubbed ‘Internet of Things devices,’ they should be able to perform their intended functions without an internet connection.

IoT device makers should also implement a transparency policy that is easy to understand for all end users, and the supply chains themselves should instill a system of excellence to ensure safety across all of their products.

“(The objective is to) dramatically improve the security and privacy of IoT devices and minimize the costs associated with the collateral damage that would otherwise affect both end users and ISPs,” reads the report by the BITAG.

Source: BITAG