It is expected that Internet of Things use is expanding quickly. But what about their security? I strongly encourage to read article The Internet of Things Is Wildly Insecure — And Often Unpatchable by well known security expert Bruce Schneier. It says that we’re at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself — as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them.
The article comments following things on the cheap routers, but I see those facts apply pretty much to many IoT products as well: Typically, these systems are powered by specialized computer chips made by companies such as Broadcom, Qualcomm, and Marvell. These chips are cheap, and the profit margins slim. They typically put a version of the Linux operating system onto the chips, as well as a bunch of other open-source and proprietary components and drivers. They do as little engineering as possible before shipping. The system manufacturers don’t do a lot of engineering, either.
The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. And the software is old, even when the device is new. To make matters worse, it’s often impossible to patch the software or upgrade the components to the latest version. Even when a patch is possible, it’s rarely applied. This is only the beginning. All it will take is some easy-to-use hacker tools for the script kiddies to get into the game.