IoT Security Weaknesses

The Internet of Things (IoT) is essentially a network of devices that are interconnected to function as a larger unit. At home, you might have your alarm clock trigger your toaster to prepare a piece of toast or or your coffee maker a cup of java by the time you get downstairs. At the office, though, the stakes are a little higher. We’ll look at how IoT works, its security weaknesses, and how to be proactive about protecting your systems.

IoT Proliferation

IoT relies on sensors to both gather data and act on it. Because it offers new, more efficient ways to conduct business, it’s quickly grown in popularity. In fact, many employees might be surprised at the complexity of the web in even smaller offices. The IoT can create new revenue streams and optimize the customer experience without risking a company’s budget. However, because there’s so much information being collected and so many interconnected devices, the odds that one of the devices will be compromised rises exponentially.

IoT Security Weaknesses

In many ways, the risks of IoT are innumerable. Every new feature or device introduces multiple pathways for a scrupulous hacker to exploit. Criminals love to see businesses use IoT devices because it makes it that much easier for them to find their way into a company’s system.

Now that more people are working from home than ever before (and using many of their own devices to do so), it’s no wonder attacks are on the rise. Right now, the Dark Web (AKA the haven for cybercriminals to discuss tactics) is rife with discussions on network vulnerabilities and the best ways to take advantage of them.

Why are IoT devices so targeted? The answer is simple human error. When developers are designing hardware and software for these devices, it’s relatively easy for them to make an error. The problem is that the risk multiplies when these products are then connected to so many additional devices.

Successful ones will run periodic updates to correct these issues, but no buyer should count on the developer finding the problem before they do. The most common threats in IoT include:

• Poor defaults: We may not think very much about the default settings on devices, but criminals certainly do. If they’re inadequate, it’s an easy ‘in’ for hackers.
• Faulty upgrade paths: If you can’t run an update on firmware, it’s probably because the pathway is inaccessible. This will introduce risk not just to the firmware, but to the entire network.
• Excess computing power: Many organizations will invest in powerful technology, and only utilize about a 10th of its capabilities. This is wasteful for a company, but not for a hacker. They can turn all that unused power against a company pretty quickly.

IoT hacks take place all over the world and to organizations of all sizes, and the consequences can be vicious. In 2018, a variety of countries were unable to access the internet when a bot flooded the network with excess traffic. In 2010, hackers disabled devices used to make nuclear material in Iran. In 2017, cybercriminals attacked implanted pacemakers. They could not only steal information from it, they could actually change the settings of a device that kept people alive.

What You Can Do to Protect Your IoT Devices

When you use IoT, being proactive is your only option. Keeping attackers at bay starts with the following:

• Implementing centralized protection: Companies are often used to cybersecurity being done piecemeal, based on anything from the brand to the age of the device. However, leaders are quickly learning that this is an unsustainable approach. The reality is that there needs to be a top-down solution that can cover everything connected.
• Investment in cybersecurity innovation: Much like IoT, entire organizations are willing to collaborate with each other and share data with one another, but all that connectivity is often met with a lack of corresponding spending on the security side of it. If data governance breaks down at any stage of the way, the results can be disastrous.
• Don’t wait for standards: Someday, we’ll have active standards that address these problems on a worldwide scale, but experts warn us all not to hold our breath. Even without formal guidance, though, the reality is that organizations are still responsible for keeping information safe and systems up and running.

Convenience Versus Security

Were you one of the millions of Americans who hit the stores or the Internet on Black Friday and Cyber Monday to do your holiday shopping? Did you stock up on all the great deals on home automation products like the Amazon Echo, Google Home, or one of the hundreds of smart devices with which they can communicate? Congratulations, even The Jetsons would envy your home and your ability to turn on your lights, start the coffee, and hear the morning news using only the power of your voice. However, did you know, convenience comes at the expense of security?

Smart home products is a multi-billion-dollar industry, which is expected to see continual growth in the coming years as they become more accessible and increasingly communicative. However, since it is a relatively new industry, there have been some growing pains, specifically around security vulnerabilities. In just the last few years, there have been some serious smart home and Internet of Things (IoT) hacks.

In November 2014, thousands of unsecured, Internet-connected cameras in 256 countries were hacked using the devices’ default usernames and passwords and broadcast on the internet. Although the website claimed its motive was to draw attention to the risks of leaving security cameras unsecured, it was still an invasion of privacy in its truest sense.

In a much different scenario, hackers recently gained entry into an American casino’s entire network and sent company data back to a device in Finland. Casinos are typically very secure, so how did hackers manage this feat? Through an Internet-connected fish tank.

Obviously, not every home has (or needs) an Internet-connected fish tank, but more than likely, you have a device that’s Bluetooth-enabled. This technological wonder is found everywhere today. It’s in your car, phone, laptop, portable speakers, and table-top voice-activated personal assistants, just to name a few. Even some light switches have the functionality. Recently, the IoT cyber security firm Armis announced that many of these devices (over 5 billion and counting) are susceptible to malicious attacks through the BlueBorne vulnerability, a set of known vulnerabilities in Bluetooth technology. Although several of these vulnerabilities have been patched, several remain open. Leveraging this vulnerability, an attacker can spread malware quickly and efficiently; they just need to infect one Bluetooth-enabled device to spread the malware unknowingly to any nearby Bluetooth-enabled devices, and it could spread like the flu. So, ask yourself, “Do I need my Bluetooth on all the time, everywhere I go? Is it worth the risk?”

We cannot make the decision for you on what’s more important in your life – convenience or security. Smart home devices are incredibly convenient. Having the power to manipulate your home using only your voice or smartphone is extremely practical, but it’s also a novelty. Our goal is to arm you with an understanding of the benefits and risks that come with IoT devices to help you make an informed decision regarding these devices.

The strengths and weaknesses for security and privacy in IoT depend on the system you have. While there’s no such thing as preventing all attacks, it pays to mitigate threats to an IoT network by paying more attention to your processes and systems. The more vigilant you are, the fewer problems you’ll have.