The Internet of Things (IoT) is a term used to describe the network of interconnected electronic devices with “smart” technology. While smartphones are now commonplace, other smart devices are still in their infancy, but their use is growing all the time: there are now an estimated 6.4 billion “things” connected to the Internet, a 30% increase from 2015. In 2020, this number is expected to grow to a staggering 20.8 billion.
These smart devices include cars, household appliances, building systems such as lighting and heating, televisions, medical devices, manufacturing equipment, and many other types of systems used both in a consumer and industrial setting.
Smart devices are intended to make our lives easier and more convenient. For example, home automation systems allow homeowners to turn up the thermostat on their way home from work in the winter, or to be alerted immediately of a suspected home intrusion while they’re out.
However, all this additional hardware and software connected to the internet and potentially accessible by anyone (if they have the correct credentials or via a software vulnerability) poses a huge threat to the security of businesses and individuals who use it.
The Security Risks of IoT Devices
Every piece of hardware and software that you use and that is connected to the internet has the potential to be accessed by cybercriminals. With the introduction of each new device, the number of potential access points for hackers grows.
There have already been several examples of smart devices being hacked or having vulnerabilities, including:
- Many smart medical devices including insulin pumps and internal defibrillators use outdated software and unencrypted data, which introduces serious vulnerabilities in terms of patient confidentiality and physical wellbeing.
- Millions of smart TVs are at risk of click fraud, botnets, data theft, and ransomware.
- 1.4 million Fiat Chrysler cars were recalled after researchers discovered they could access and control the cars remotely over the internet including shutting down the engine and steering off the road.
- 75% of Bluetooth Smart door locks have been found to have vulnerabilities that allow them to be easily hacked.
- The biggest ever DDoS attack was recently carried out using over 150,000 hacked smart devices worldwide including cameras, printers, and fridges.
Security experts warn that many smart devices are vulnerable to attack because they do not undergo sufficient security testing, often run outdated software, and cannot have a firewall or other security software installed on them as a conventional computer can.
As computer software becomes increasingly secure and resistant to malicious attacks, hackers are turning to the new generation of smart devices as an easier option, often with great success.
Why Are Smart Devices So Vulnerable?
There are several reasons why the Internet of Things is such a threat to our digital security. A study carried out by HP reviewed some of the most popular IoT devices in order to assess their overall security level and discovered several points of concern:
1. Lack of Protection for Private Data
Most consumer smart devices (90% of those assessed in the study) hold personal sensitive user data either in the device itself, in the cloud, or via the mobile application that integrates with the device. This data is often not protected properly and is often sent unencrypted across networks.
2. Insecure Software
As smart technology is moving so quickly, manufacturers are under pressure to get their product on the market as quickly as possible. This means that essential parts of the software lifecycle such as security and testing are often rushed.
While updates tend to be released regularly for such devices, 60% of those studied downloaded these updates automatically without encryption. This means there is potential for the download to be intercepted and modified by hackers.
In many cases vulnerabilities may also not be patched immediately as the company does not want to disrupt its users by forcing a firmware upgrade.
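The check a device can run before installing a downloaded update, as an added example that is not taken from the HP study or from any vendor's code. The manifest fields, the function names and the key are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a production device would verify with a vendor public key.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed demo key; a real device would hold a vendor public key instead.
DEVICE_KEY = b"constructed-demo-key"


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Vendor side: authenticate the canonical JSON form of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_update(manifest: dict, tag: str, image: bytes,
                  installed: tuple, key: bytes = DEVICE_KEY) -> tuple:
    """Device side: return (ok, reason); install only when ok is True."""
    # 1. Authenticate the manifest before trusting any field in it.
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "manifest authentication failed"
    # 2. Refuse download locations that use cleartext transport.
    if urlparse(manifest["url"]).scheme != "https":
        return False, "update URL is not HTTPS"
    # 3. The downloaded image must match the authenticated digest.
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest.encode(), manifest["sha256"].encode()):
        return False, "image digest mismatch"
    # 4. Reject rollback to an older, possibly vulnerable version.
    if tuple(manifest["version"]) <= tuple(installed):
        return False, "version is not newer than installed"
    return True, "ok"


def build_sample():
    """Constructed sample: an image plus its authenticated manifest."""
    image = b"constructed firmware image 1.4.2"
    manifest = {"version": [1, 4, 2],
                "url": "https://updates.example.invalid/fw-1.4.2.bin",
                "sha256": hashlib.sha256(image).hexdigest()}
    return image, manifest, sign_manifest(manifest, DEVICE_KEY)


if __name__ == "__main__":
    image, manifest, tag = build_sample()
    print(verify_update(manifest, tag, image, (1, 4, 1)))
    print(verify_update(manifest, tag, image + b"\x00", (1, 4, 1)))
```

Because the digest and version are covered by the manifest's authentication tag, a modified image or a replayed older release is rejected even if the download itself was intercepted.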
3. Insufficient Authentication Procedure
Insecure passwords and cloud identity management are a common vulnerability in all kinds of digital systems. While most computer software now forces users to create a strong password, the same is not true of all smart devices.
Additionally, it is common for users to share passwords across several accounts. If the security of the connected device is insufficient and hackers gain access to the password, they may then use this password to access other, more sensitive accounts belonging to the user.
80% of devices tested failed to require sufficiently long and complex passwords.
4. Lack of Data Encryption
70% of devices were found to send data over the network unencrypted. Data encryption is essential to prevent it from being intercepted by unauthorized persons, particularly when it is being transferred over the internet between the cloud and the device or mobile app.
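One way a network owner can find which of their own smart devices send data unencrypted, as an added example that is not part of the original article. The flow records, device inventory and function name are constructed for illustration, and matching on well-known cleartext ports is a heuristic rather than proof of what the payload contains.

```python
import csv
import io
from collections import defaultdict

# Well-known ports of protocols that carry data without encryption.
CLEARTEXT = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt", 5683: "coap"}

# Constructed inventory of smart devices (documentation address range).
DEVICES = {"192.0.2.10": "thermostat", "192.0.2.11": "camera",
           "192.0.2.12": "door-lock"}

# Constructed flow records, e.g. as exported from a router or firewall.
SAMPLE_FLOWS = """src,dst,proto,dport,bytes
192.0.2.10,203.0.113.5,tcp,443,18230
192.0.2.11,203.0.113.9,tcp,80,5120
192.0.2.11,203.0.113.9,tcp,443,5120
192.0.2.12,198.51.100.7,tcp,1883,300
192.0.2.12,198.51.100.7,tcp,23,100
192.0.2.99,203.0.113.9,tcp,80,900
"""


def audit_cleartext(flows_csv: str, devices: dict) -> dict:
    """Report, per inventoried device, the cleartext services it used
    and the share of its outbound bytes that went over them."""
    totals = defaultdict(lambda: {"clear": 0, "all": 0, "services": set()})
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if row["src"] not in devices:
            continue  # only audit hosts listed in the device inventory
        nbytes = int(row["bytes"])
        entry = totals[row["src"]]
        entry["all"] += nbytes
        service = CLEARTEXT.get(int(row["dport"]))
        if service:
            entry["clear"] += nbytes
            entry["services"].add(service)
    return {
        devices[src]: {"services": sorted(e["services"]),
                       "cleartext_pct": round(100 * e["clear"] / e["all"])}
        for src, e in totals.items() if e["clear"]
    }


if __name__ == "__main__":
    for name, finding in audit_cleartext(SAMPLE_FLOWS, DEVICES).items():
        print(name, finding)
```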
5. Poorly Coded User Interface
Over half of the devices tested had poorly coded web interfaces that introduced security holes through issues including poor session handling, weak default credentials and persistent cross-site scripting.
These security holes allow hackers to gain access to the web interface easily via tricks such as using the password reset facility, and thereby gain access to data and control of the device itself.
How Can We Make The Internet of Things More Secure?
IoT security is starting to be taken more seriously and even the FBI has issued warnings about security risks that may come with the use of such devices.
Several security councils and alliances have also been set up by various technology organizations in order to develop best practices and provide education on properly securing smart devices. These include the Internet of Things Security Council and the Internet of Things Security Foundation.
While manufacturers must take more responsibility for building secure devices and releasing security patches as soon as a vulnerability is discovered, the individuals and businesses that use IoT devices must also ensure that they have taken their own security measures.
Cloud-integrated security control panels that monitor connected smart devices and inform the user of security risks and compromises via intelligent threat detection and data loss prevention tools are one possible solution.
It’s also essential that the cloud services used by devices to store user data are secure in order to prevent serious data breaches.
In order to ensure sufficient digital security in corporate settings, IT departments must integrate smart devices fully into their overall security monitoring and testing processes.
Businesses must also consider the security risks associated with smart devices before they buy, and weigh these risks against the benefits they provide the company.
With pressure from the end users, it is more likely that manufacturers will pay more attention to security from initial manufacturing through to software updates and patches.