Security Risks and Precautions in the IoT

You move into a new house and it’s time to make it your own. Other than furniture and decorations, you decide to upgrade to the latest and greatest technology. The water and electricity are already connected to the network so you can monitor your usage on your mobile device. But you want more automation. For starters, you install a Bluetooth-enabled, smart-assistant sound system and an automated thermostat, both accessible from your phone and smartwatch. Connected lighting—also controllable from Bluetooth devices—comes next, followed by a smart refrigerator that syncs your grocery list between devices. Lastly, you purchase a home-monitoring security system you can turn on and off from remote locations to protect both your loved ones and all of your expensive technology tucked inside.

Your new home has been upgraded and is now highly intelligent with many remote connection capabilities. It’s also full of possible security threats.

The Internet of Things (IoT), or the ecosystem of smart, connected technology, is growing. Popularity among consumers continues to rise as companies work to meet this demand with revolutionary connected gadgets. Experts believe this trend has the potential to grow to between $2.7 to $6.2 trillion by 2025, with around 26 billion connected devices by 2020.

This high level of adoption and growth has garnered the attention of data privacy and security experts. As virtual data access points in the world multiply at alarming rates, experts are working hard to keep information secure. But it’s not as easy as you’d think.

In early 2016, the average digital consumer owned 3.64 connected devices. That’s 3.64 devices that are basically programmable computers, subject to malware and security threats the same as an average computer. In the home, the items most likely to be targeted involved those dealing with security and surveillance and items that “listen” to voice commands.

IoT device hacks can happen in the following ways:

Botnets

Known as a host of private computers infected with malware, botnets are often used to steal private data, gather online banking credentials, and send phishing emails. In the IoT world, cyber criminals are using botnets to bring down the internet. They do this by gaining access to a number of devices and sending them large surges of corrupt data. Due to the crippling effects this can cause, these botnets are now being offered for a fee and cyber criminals can purchase them for specific causes.

This past fall, for example, a new botnet entered the scene that was able to infect up to 3,500 devices in 5 days. Another attack involved a hacker publicly releasing a botnet malware code that hijacked 1.5 million smart security cameras and other smart devices that were still using default usernames and passwords. Luckily in these cases, as in most basic IoT botnet cases, infected devices are cleaned after a restart. To protect against this new resurgence of botnets, change login credentials on a regular basis and disable telnet connections or risk repeat contamination.

In more extensive IoT botnet hacks, like the distributed denial of service (DDoS) Mirai attack last year that disrupted the internet infrastructure of numerous leading websites, it’s important to scan your household items to check for exposure points. Services exist that can easily scan your surrounding systems for vulnerabilities, including the BullGuard Internet of Things Scanner.

Compromised Control

Most of the time, when consumers worry about data security, they think of bank accounts, email passwords, and the like. What many experts fear with smart technology and IoT hacking is compromised control—when hackers gain access to automated programs and products that can inflict real harm and damage, such as gaining control of a moving vehicle.

While consumers love having vehicles loaded down with technology—from OnStar and Bluetooth calling capabilities to remote starters and automatic brakes—all of these connected pieces can be susceptible to a hack. In 2015, researchers proved this vulnerability by remotely hacking into a vehicle and bringing it to a halt in the middle of the road. This resulted in a recall of 1.4 million vehicles to repair the at-risk infotainment systems.

Securing these access points falls onto the shoulders of manufacturers, to test entry points and come up with technology to safeguard their systems.

Manufacturer Oversight

Many vendors and manufacturers are choosing default credentials for everyday smart devices in order to ramp up production and keep up with demand. While a pretty standard approach for creating a smart device for mass consumption, last year’s National Intelligence Assessment listed cyber security and the IoT as the two biggest security concerns. This high level of attention adds pressure to manufacturers to make security a priority as they design new IoT products and continue manufacturing existing designs.

Manufacturers could combat the easy target of a default credential by requiring users to log in with a non-default username and password before the product can work. This extra step would hopefully raise awareness in consumers and make it so they cannot simply accept the defaults that expose their devices to hackers. After all, even smart light bulbs are in need of software updates in the same way as a regular computer. Many consumers don’t realize this and therefore don’t keep manufacturers accountable to providing new and updated technology for routine security maintenance of these smart devices.

The manufacturer’s challenge lies in not only keeping up with the latest security technology, but hiring capable staff members to create innovative solutions for keeping smart devices out of a hacker’s reach.

The trend of connected, smart technology continues to grow day by day, and the topic of securing data in our highly-connected lives is likely to pick up momentum as time wears on. What are some of your top concerns with IoT security? Tell us in the comments below.

For more great information from an expert in IoT security, check out this month’s Q&A.