Q&A: Years of IoT hacking, but what have we actually learned?

TL;DR Not much. I come across many networks where there isn’t the level of separation that there should be, nor the special treatment of IoT devices as untrusted and difficult to update. It’s probably only strong regulation and certification programs like those for electrical safety that will bring IoT devices up to a reasonable level of security…:

[…] To gain an insight, Digital Journal spoke with Brad Ree, chief technology officer of ioXt. Ree leads ioXt’s security products supporting the ioXt Alliance.

DJ: What has the IT sector learned over the past decade in terms of responding to hacks?

Ree: The IT sector has learned to provide a separation between networks to increase security and decrease the impact of compromised devices, and, for the most part, it’s done a good job at this so far. In addition, silicon providers are offering better reference libraries to build security in from the onset of manufacturing.

DJ: What can the IT sector do better?

Ree: Manufacturers and network/ecosystem operators should collaborate to create a set of baseline requirements that all devices will need to meet before entering the market, and this is something the ioXt Alliance, along with other organizations, is working towards. It’s important for the IT sector to understand that the transparency of device security is critical and responses to known vulnerabilities should be quick and automated, and expecting the end consumer to address core security issues in home networks is not reasonable.


Original article here