MWC 2016: IoT Security ‘Is A Mess’ Says Sophos’ James Lyne

As the world around us becomes ever more connected and we put more and more of our personal lives on to mobile devices, the questions surrounding security become ever more important.

With many people unconsciously still treating their smartphones as a basic device that can only make calls and send texts, and not as a highly-powered connected device that contains reams of personal information, just how worried should users be about the security of their device?

Sensitive

“We’re at a point where our smartphone contains more sensitive information than our PC,” James Lyne, global head of security research at Sophos, told TechWeekEurope at Mobile World Congress (MWC) in Barcelona.

“If you talk to users about their feelings for (mobile) devices…the trust levels are extremely high compared to traditional computers – and there’s a very strong feeling of trust towards app stores.

“But when you actually analyse whether that trust is deserved, it’s quite fragile, and we’ve got users expecting one thing, but receiving another – and that gap is only widening.”

Recent research from Sophos suggests many popular mobile apps still have significant security flaws – such as not storing login details correctly and what Lyne calls the “incompetent use” of secure connections.

He said much of this is down to developers being too focused on a ‘build fast, build hard, ship’ mentality, as many consumers will appreciate new and shiny features over improved security precautions.

“It’s probably not a huge surprise…but maybe it’s time some of those companies start doubling back and asking themselves questions about security,” he explained.

“It’s important that developers continue to focus on secure coding practices – it’s been said a lot, but building security in as you go is a hell of a lot cheaper than retrospectively adding it in later…we’re building some serious ‘tech debt’ in this industry, which at some point, someone is going to have to pay a price for.”

Lyne highlighted a “glacial” change in security awareness among mobile users, as many people remain unaware of the best way to stay protected whilst using their devices, preferring instead to safeguard their work or personal computers.

“I’m not saying that your scale of danger from malicious code on an iPhone is on the same scale as a PC – that’s absolutely not the case,” Lyne said. “But there are small kinks in the armour that are very concerning.

“(Smartphones) have grown so quickly from a simple black box that you can use to make calls and nothing goes wrong, and there’s not a huge risk, to a device that in some cases even has access to more information than a laptop… and our psychological attitude to this device has not shifted as consumers, or small businesses – so our alertness to the fact that we may be attacked is way less.”

Messy

Lyne (pictured below) was also at Mobile World Congress to discuss the increasingly important issue of securing the Internet of Things.

As companies race to be the first to release a smart, connected product, from fridges to kettles to socks, security can often be left behind. This is a worrying thought when it concerns a device that can gain access to some of your personal data, and Lyne is nothing if not blunt when it comes to the current state of the IoT security market.

“Everything is bad,” he said. “The best way to summarise [the current state of IoT security] is – it’s a mess.”

In order to carry out his own analysis, Lyne spent around £5,000 on buying IoT-enabled devices to evaluate their security, and found that many products were severely lacking in even basic security protection.

“Many of the IoT devices I looked at were tragic, embarrassing and negligent,” he says. “It makes you question, who the hell is writing these things?”

Fortunately, the average consumer is not immediately under threat from these lax attitudes, as many connected IoT devices are pretty uninteresting to attackers – at least for the time being.

However, this perspective may soon change as more and more devices are sold, with Lyne pushing for the industry to work out the kinks and begin properly installing security precautions whilst many IoT devices are still seen as gimmicks or toys.

Only this, coupled with a growing consumer awareness about possibly low security measures, can help spur the IT industry into ensuring the IoT remains safe for all.

“When I see the level of investment that some cybercriminals put into modern-day exploits against the browser, against Microsoft’s operating systems, that have invested so heavily in security – it’s pretty easy to see that as soon as it becomes interesting, we’re going to get a very nasty data breach,” Lyne warned.


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
