Hey, if anyone wants to have job security in the future, how about being an IoT security expert?
Trust me when I say this: Nobody wants to pay for IoT security.
Oh, they’re going to pay, one way or the other.
They don’t pay until there’s regulations or court-level liability for them. They also don’t care until that’s true. Both embedded market in general and IoT are terrible places to try to sell people on security. Also remember that the whole reason that 8- and 16-bitters still sell to tune of billions of dollars is that management on buying end wanted to shave every dollar or penny they could per unit. It’s all extra profit for them. That’s all they care about.
There are occasionally companies using secure hardware or software as a differentiator. I’ve seen switches using INTEGRITY-178B, embedded devices using Java processors, a Bitcoin wallet with tamper-resistant MCU, a workstation hypervisor in SPARK Ada, GENU builds a product line on OpenBSD, and so on. Outside defense contractors, most of them go out of business eventually or barely scrape by. People buy the insecure stuff instead.
No - they won’t.
Their customers will, but they won’t.
When people are conditioned to buy knockoffs on amazon because “cheap electronics”, they don’t even know who the reseller is, let alone the manufacturer of the device.
The orginal paper this is based on is well worth a read.