In-brief: The Internet of Things has a diversity problem. Namely: there is too much of it. At least in the arena of operating systems.
The Internet of Things has a diversity problem. Namely: there is too much of it. At least in the arena of operating systems. That, according to the folks over at Fortinet, who have an interesting blog post that talks about the danger that operating system diversity poses to the Internet of Things.
With millions of connected devices shipping each month, each running one of dozens (scores) of different embedded “real time” operating systems, the stage is being set for a very messy transition to the Internet of Things, as vendors and users struggle to deal with the diversity of systems they must support.
From the blog post:
Unlike PCs and other computing hardware, these devices are not being controlled by just a few standardized operating systems. In fact, they are being manufactured without any standards at all, except that they allow Internet connectivity. To fit into the small footprints of the devices they are providing connectivity for, many of the operating systems installed on these devices are cutting down on security, if it is being considered at all. And to make things worse, most of these devices are running their own proprietary versions of Linux, Android, or increasingly, some other operating system cobbled together with poorly written code embedded with hardcoded backdoors.
The answer? Fortinet calls for “standardization” – possibly helped along by lawmakers in Europe and the US. In the near term, vendors need to pay more attention to access and identity management for IoT endpoints. Consumers need to segment networks to isolate Internet of Things based attacks.
We’ve written about this before, noting that recent incidents like the emergence of the Mirai botnet underscore the danger posed by unmanaged and insecure IoT endpoints. Further, the fragmentation of technology ecosystems like that of Google’s Android could be the canary in the coal mine for Internet of Things devices. Without an easy way to update and manage devices after they are deployed, IoT software vendors could find themselves with little ability to thwart attacks and other malicious activity.