Emergent Tech

Internet of Things

Sigfox leads with its chin on security for internet-connected things

'Imagineer's declaration' betrays industry-wide apathy

By Gareth Corfield


Comment French Internet of Things bods Sigfox have published a “Universal Declaration of IoT Rights”, which, as well as being a bit awful, sheds light on a wider boredom with proper security.

Hopefully published tongue-in-cheek, the declaration was written by Sigfox’s “vice president imagineering” (not a typo), opening: “We have a vision that one day, everything around us will have a 'voice' through IoT connectivity.”

It gets a little Asimov-ish after this.

Article 1 – All connected objects are created equal in dignity and rights. They are endowed with connectivity and should act towards the Internet in a spirit of brotherhood.

Article 2 – Every connected object is entitled to all the rights and freedom set forth in this declaration without distinction of any kind. Furthermore, no distinction shall be made on the basis of the technology choice of their inceptors, of the country or territory where they are deployed, or whether the deployment be peer-to-peer, LAN, WAN or LPWA.

Article 3 – Every connected object has the right to security.

Article 4 – No connected object shall be subjected to hacking or to damaging treatment or tampering.

Article 5 – No connected object shall be subjected to arbitrary attacks or denial of service.

Article 6 – No connected object shall be subjected to arbitrary interferences with its operation. Every connected object has the right to protection against such interference or attacks.

“Our vision could be perceived as utopian,” a mildly self-aware Raoul Mallart tacked onto the end of the post, adding: “It is our hope that this bold declaration will set a direction and an achievable goal for the IoT ecosystem.”

Back in the real world, where the Mirai botnet turned millions of internet-connected IoT devices into a rampaging botnet army which knocked out Dyn DNS last year, and where the same nasty is now out in the wild and being used with carefree abandon against ISPs, we have a serious problem. No amount of paraphrasing of The Three Laws is going to make an appreciable difference to IoT security.

While end users can’t be bothered to update their IoT devices and wannabe regulators are – seriously – proposing to address the glaring IoT security problem with stickers, sensible efforts like the GSMA’s security recommendations are being drowned out almost completely.

For sure, Sigfox’s “declaration of IoT rights” is not exactly a substantial manifesto, and nobody’s pretending otherwise. Yet phrases like like “Sigfox-Ready objects are protected and cannot be hacked from Internet” – lower down in the blog – are what we in the UK call “leading with your chin”: if that isn’t an open invitation for some miscreant to go and prove Sigfox wrong by hacking one of its networks, what is?

Whimsical posts like this one – and Sigfox isn't alone here – betray a wider industry attitude towards IoT security that can seemingly be summed up as follows: "Meh". ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Sigfox doesn't do IP and is therefore secure, says UK IoT network operator

Bold claim by WND-UK grand fromage

IoT coverage for 95% of UK by 2019? We can't even do 4G, Sigfox

French firm and new pals WND announce, err, ambitious plans

Sigfox veep: Our gear will be less pricey than kit for NB-IoT customers

As for that fabled IPO? May happen 'when market is right'

IoT upstart Sigfox gulps down €150m funding but falls short of target

We might start making profit in two years, says French firm

Sigfox IPO? Um, sure! 2017, 2018, whenever, we'll definitely do it

Funding target missed, potential IPO date slips right

We'll hit THAT 95% Sigfox coverage target using telly aerials, says WND-UK

Well, rooftop yagis hooked up to 12v Intel PCs

L'Internet des objets: French firm Sigfox inks deal with Telefonica

World + dog can buy licensed spectrum IoT connectivity

Samsung slings simoleans at Sigfox for things-on-cells standard

Yay, another connectivity-for-things protocol

Bad news, mobile operators: Unlicensed IoT tech rocketing ahead of NB-IoT and LTE-M – report

Plus global mobe mobs name Sigfox top IoT tech lag

Qualcomm buddies up with Ford, Panasonic to punt connected car tech

Trio says their V2X flavour totally dunks on 802.11p radio