For many, the idea of WiFi routers turning into secret spies and smart home assistants listening to private conversations sounds like a Hollywood movie plot, and yet it is very real. In fact, the risk of being compromised through Internet-connected devices is becoming a serious issue both for individuals and organizations due to existing vulnerabilities in IoT security.
The cyber-risk is real. And it has been growing steadily
The IoT market has exploded in popularity in the last couple of years, with 8.4 million Internet-connected devices today making our lives easier and more organized. It is estimated that by 2020 the number of smart gadgets will reach 20.4 million, according to research firm Gartner.
Given the ever-growing usage of IoT devices, it makes perfect sense that hackers will try to find and exploit any possible vulnerabilities to sneak into their victims' networks for nefarious purposes, which they have been doing successfully for quite some time now.
IoT devices could easily be turned into spying mechanisms capable of recording conversations, capturing biometric data, and monitoring everything that we do, both online and in the actual world. While smartwatches, baby monitors, fitness trackers, doorbells and home assistants seem rather convenient and fun, that impression quickly changes once you realize their eavesdropping powers.
We must not forget that the same technologies can be used for both bad and good – it all depends on who is using them. In the hands of criminals, smart tools can be turned into robotic soldiers, recruited to spy on their users or participate in global botnet attacks.
Over the last few years, we saw a number of successful attacks on IoT devices, mostly routers and IP cameras. One of the most significant ones was the Mirai botnet – a sneaky malware that took advantage of insecure IoT devices to launch a massive DDoS (distributed denial of service) attack. As a result, many of the world’s popular websites and services, including Spotify, Netflix, Twitter, CNN, and Reddit, were shut down for a whole day.
Such attacks clearly demonstrate the desperate need for proper IoT security as the current situation poses too many risks to businesses, organizations, and the general public.
The default password is as secure as no password at all
What keeps cybersecurity experts up at night is the apparent lack of security standards for connected devices, which leaves an open door for cybercriminals to any home or office equipped with IoT.
What’s also concerning is that not only is the majority of IoT gear today manufactured without security in mind, but users themselves are also ignorant of the possible risks of the devices that they bring to their homes or workplaces.
What happened with the Mirai botnet pretty much describes the problem. The hackers behind the attack managed to infect around 100,000 IoT devices by checking open ports and using a list of the 61 most common default log-ins. As many users are not informed enough or ignore the advice to change the default password before connecting a new device to the Internet, they automatically put themselves at the top of the list of potential hacking victims.
It is as simple as it sounds: if a malicious actor knows the default username and the password, they can easily find an unsecured device and wreak havoc.
Securing IoT: What can we do?
It is obvious that as the Internet of Things continues to expand, so will the attacks on IoT devices. Therefore, it’s crucial to take some steps towards better security before too much damage is done.
First and foremost, the industry needs regulations and laws to ensure that products that appear on the market are properly secured by design. Also, it is important to educate customers about the risks of connected devices, as well as provide advice on how to protect them. A sense of shared responsibility among governments, manufacturers, and users would also be a huge help in moving towards better security.
“The moment that consumers know their fridge can spoil their own food but might also be attacking the neighbor’s fridge, they might say, I want to be a responsible actor. Most civilians want to be responsible actors,” said Olaf Kolkman, chief Internet technology officer for the Internet Society.
Such changes in technology and customer behavior are crucial in the long run to keep up with cybercriminals who are constantly working on bigger, sneakier, and more damaging crimes.
IoT security checklist
Besides the obvious advice to change the default passwords of all connected devices, there are additional steps users should take to protect their security and privacy:
- Create a separate network for your IoT devices to keep criminals from accessing your core network.
- Keep firmware and software up to date to ensure your device receives security patches for the newest vulnerabilities.
- Enable two-factor authentication if your device supports this feature. It will add an extra layer of security to your device.
- Disconnect devices from the Internet when you don’t use them. By doing so, you will reduce the opportunity for a hacker to break into your device.
- Whenever possible, use reliable encryption tools to secure your communications from snoopers and cybercriminals.
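
The checklist above can be run as an audit over a list of your own devices. The following is an added example, not part of the original article: it flags the combination the Mirai section describes (an unchanged default login on a device with a reachable login port) as the worst finding, then checks network separation, firmware age and two-factor authentication. The subnet, port set, age limit, field names and sample inventory are all assumptions constructed for illustration.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Assumptions of this example, not taken from the article:
IOT_SEGMENT = ip_network("192.168.50.0/24")  # hypothetical separate IoT network
LOGIN_PORTS = {22, 23, 2323}                 # SSH/telnet login services
MAX_FIRMWARE_AGE_DAYS = 180                  # hypothetical patch-age limit
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample inventory (field names are hypothetical).
INVENTORY = [
    {"name": "hall-camera", "ip": "192.168.1.23", "open_ports": [23, 80],
     "password_changed": False, "firmware_date": date(2016, 3, 1),
     "supports_2fa": False, "twofa_enabled": False},
    {"name": "smart-speaker", "ip": "192.168.50.10", "open_ports": [443],
     "password_changed": True, "firmware_date": date(2017, 12, 1),
     "supports_2fa": True, "twofa_enabled": False},
    {"name": "thermostat", "ip": "192.168.50.11", "open_ports": [],
     "password_changed": False, "firmware_date": date(2017, 11, 20),
     "supports_2fa": False, "twofa_enabled": False},
]

def audit_device(dev, today):
    """Return (severity, message) findings for one device, worst first."""
    findings = []
    exposed = sorted(LOGIN_PORTS & set(dev["open_ports"]))
    if not dev["password_changed"]:
        # Default login plus a reachable login service is the Mirai precondition.
        if exposed:
            findings.append(("critical", f"default login reachable on ports {exposed}"))
        else:
            findings.append(("high", "factory default password still set"))
    if ip_address(dev["ip"]) not in IOT_SEGMENT:
        findings.append(("medium", "not on the separate IoT network"))
    age = (today - dev["firmware_date"]).days
    if age > MAX_FIRMWARE_AGE_DAYS:
        findings.append(("medium", f"firmware is {age} days old"))
    if dev["supports_2fa"] and not dev["twofa_enabled"]:
        findings.append(("low", "two-factor authentication is available but off"))
    return sorted(findings, key=lambda f: RANK[f[0]])

def audit(inventory, today):
    """Map device name -> findings, for every device in the inventory."""
    return {dev["name"]: audit_device(dev, today) for dev in inventory}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2018, 1, 15)).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```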