Do you remember the movie E.T., where E.T. is essentially stranded on Earth until he assembles a makeshift communication device that sends a message to his spaceship to return to Earth and retrieve him?
How fortunate was it that his alien counterparts assumed the message was from him? I mean, who else on Earth could have sent a message, right? What if the message was sent from evil human scientists “pretending” to be E.T.? Instead of a happy ending where E.T. goes home, the humans could have trapped and captured the aliens when they landed. The evil human scientists would then have hostage aliens along with a pretty sweet spaceship!
In the IoT world, a more realistic scenario would be a “connected” thermostat which sends data to a server. As we consider the security around the communication between the devices, we should ask ourselves:
- Should the server trust the thermostat just because it can communicate with it?
- Should the thermostat trust the server that it is sending data to?
- How can we be sure that the thermostat and the server are what they claim to be?
As you develop your IoT security strategy, these questions must be taken into consideration.