An increasing number of cybersecurity experts are speaking out about the risks of smart devices, and they say it might be time for the government to step in.
The threats of IoT devices led the conversation at the CyberWatch Security Event hosted by SSH Communications. Panelists compared the rise of IoT devices to internet pollution and said it's critical to prevent devices from shipping with default passwords.
"Public safety issues often require regulation," said Sam Curry, Chief Security Office at Cybereason. "That doesn’t mean that we go out and write it – it means we need a discourse."
"Frankly the channel is in a unique position to look across companies and say, here’s what my customer needs and I also can help sift through all those claims from product and server vendors, render it and make it useful," Curry said. "The channel is always looking for ways to put the customer first and help filter the world in this way, and I think these subjects is what’s really going to help them to do that.
IoT devices tend to have default credentials hard-coded into their firmware, making it easier for cybercriminals to access more devices faster. In August 2017, U.S. lawmakers introduced a bill that would set new standards for government IT vendors. The bill would require smart devices purchased by government agencies to be patchable and would ban devices that are shipped with hard-coded passwords.
"There will be so many incidents that actually put people in danger, " said Tatu Ylonen, founder of SSH Communications Security. "They have to make sure there are no default passwords that every unit has a different password in it, so they can't be harnessed to do an attack against some critical system, like emergency services."