An Internet of Things 'crime harvest' is coming unless security problems are fixed

Internet of Things devices in the home are opening up new doors for hackers to break into networks and steal data.

Internet of Things product manufacturers must get their act together and secure their devices, or they risk handing a whole new way for criminals to carry out crimes, a senior police officer has warned.

"All new technologies, all changes in the way that society is ordered, particularly if it is technology always has a crime harvest. So, when cars were invented people started drink-driving and stealing cars and it's exactly the same with the Internet of Things," said Chief Constable Michael Barton, head of the Durham Constabulary.

"The issue here is not they are being stolen but that they are being used as the mechanism by which people can commit crime," said Barton, interviewed in a new report on Internet of Things security by F-Secure.

While there are benefits to be derived from the Internet of Things in homes, workplaces, industry, transport and more, the rapid proliferation of connected devices has often appeared to come at the cost of cyber security.

See also: What is the IoT? Everything you need to know about the Internet of Things right now

There are many examples of security vulnerabilities in IoT devices providing opportunities for hackers to break into systems ranging from children's toys to industrial control systems, with a race by companies to be the first to market often meaning they fail to implement even basic security into products.

With these devices connected to a home or corporate network, they can easily provide a pathway for hackers to gain access to other systems and the personal data.

"If your fridge is connected up to your local supermarket so that it can order things when they are needed, then it's going to be connected to your bank account and it's that, that is the worry. That all of these devices, none of which are seen as that threatening or that necessary to protect, become the open back door," said Barton.

IoT devices are already common and it's soon going to get to the point where almost every household device could be internet connected by default - because for many of the companies building products, the more data they can collect, the better. Especially when embedding chips is cheap.

"Eventually almost every household device will be online, and they will largely be invisible to the end user as a smart device. They will look like dumb devices, but they will be smart devices. However, they won't offer any features to the consumer because the real reason for them to be online will be for them to report analytics to the company that built the device," said Mikko Hypponen, chief research officer at F-Secure.

While the public should be taught about the security risks about the Internet of Things and provided with advice on how to secure devices, for Barton, it's IoT manufacturers which need to take responsibility for securing products.

"You can't sell toys with pins in them so that children are blinded. You can't sell cars where the brakes work intermittently. Nor should you be able to sell something on the IoT that allows people's bank accounts to be emptied," said Barton.

See also: Your forgotten IoT gadgets will leave a disastrous, toxic legacy

ENISA, the European Union's cyber security agency, is already working towards legislating the Internet of Things, but nonetheless, there are still major risks associated with millions of devices which are already in use - many of which could be installed and easily just forgotten about by users.

"Bottom up and top-down approach is the best way for the technology industry to move forwards responsibly with the confidence of the public behind it," said the report.