The Insecurity of the Internet of Things (IoT)
The IoT is primarily composed of commonly used devices such as home routers, DVRs, and internet-connected cameras.
Many people picture smart thermostats and virtual assistants that respond to voice commands, and the IoT market is buzzing with a new breed of innovations expected to bring it to its much-awaited glory.
The surge in innovation, availability and adoption has made IoT an attractive target for hackers and has made the “insecurity of the Internet of Things” a cause for concern. There is much less security for attackers to overcome when trying to take over an IoT device.
Unlike a laptop or desktop computer, which receives automatic security updates and typically has security software installed, an IoT device’s only protection may be an easily guessed default user name and password.
A large-scale attack on DNS provider Dyn demonstrated how easy it was to create a large botnet and disrupt major websites such as Netflix, Twitter, and PayPal.
Attacks using IoT devices also lower the barriers to entry for cyber criminals. The Dyn attack also revealed the existence of Mirai to the world at large. While it is difficult to definitively state how many Mirai-infected devices are out there, many of the figures quoted are quite staggering.
With IoT devices, security is often not a priority for the device manufacturer. This leads to poor practices such as the use of default passwords and open ports, which the users do not, or cannot, change.
IoT devices typically don’t have built-in mechanisms to receive automatic firmware updates, resulting in vulnerabilities being left unpatched.
They are often forgotten about once installed. This means that their owners are unaware when devices are being used for malicious purposes and have little incentive to apply firmware updates.
Infected IoT devices could also be used as a stepping-stone to attack other devices in a private network. It could also mean that a device belonging to you could participate in a global botnet that plays a role in taking down websites or services.
The Dyn attack showed how powerful a DDoS attack using IoT devices could be and raised questions about what it might mean if attackers decided to target industrial control systems or critical national infrastructure.
As the profile of IoT devices changes and connected cars and connected medical devices become more commonplace, attacker motives are also likely to change.
Gartner estimates that there will be more than 20 billion IoT devices in the world by 2020. Though there is no one way to fix a complex problem like this, risk-based baseline security standards are part of the solution.
Regulation of the IoT industry to ensure that security is a core consideration in the design and manufacture of IoT devices will be a great place to start.