The security devil is always in the details of the attack: the ones you’ve endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It’s the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons.
In the IoT vision, every new “thing” – sensor, actuator, data source, data consumer, routing intermediary, etc., is a new security-relevant detail that stirs up a wide range of collateral security issues. In other words, every new networked IoT endpoint is a new potential attack vector or launching point that the baddies can exploit. Potentially, every time you plug in a new IoT-networked device that is infected with malware or simply open to unauthorized third-party exploitation, the vulnerabilities start. Someone somewhere might exploit the new access point to gain illicit access to sensitive secrets (business, consumer, government, etc.), to damage software and data, and to wage distributed denial of service attacks.