MARCH 20, 2019
The Internet of Things (IoT) is connecting people to technology in unprecedented ways. But these newfound capabilities come with their fair share of controversy and consequences.
Cybersecurity has been largely neglected in most IoT development processes. As a result, security threats like leaks, hijacking, and even home intrusion have become a sad reality when it comes to using IoT devices. And unless manufacturers and device makers start prioritizing security, things may only get worse.
Only a few other technologies rival IoT when it comes to rapid expansion. When you take into account the abilities of this technology, it’s easy to see why: Whereas other Internet technologies and paradigms rely on people exchanging information, IoT connects devices so they can gather, transmit, and receive data themselves.
This fast growth is the main cause of the painful security problems that now plague IoT. The advent of smart home automation devices brought about a race between IoT developers eager to get to market first. As a result, we now have IoT-connected thermostats, lighting systems, refrigerators, webcams, printers, routers, and smart assistants like Google Assistant and Amazon Alexa.
But to get to market first, many developers cut corners. Rather than focus on robust security, they poured resources into new attention-grabbing features instead. It’s a problem that still hasn’t been properly addressed, and the implications will only become more severe when the next wave of IoT devices reaches the market—imagine medical devices, automobile navigation, and automated teller machines that can be compromised easily.
With this being said, let’s take a look at the current IoT threats that could become more popular in 2019. After all, the problems of the future cannot be sufficiently solved without tackling the ones before us right now.
Spam Emails From Smart Appliances
We’re all familiar with the “Is your refrigerator running?” joke. But thanks to IoT, this is being updated to “Is your refrigerator spamming me?”
Smart appliances like Samsung’s Family Hub fridge possess the same computing capabilities as a modern tablet. So it should come as no surprise that hijacking them can lead to some troubling results.
In 2014, Proofpoint found a fridge full of spam—and no, it wasn’t the brand of canned cooked meat from Hormel Foods Corporation. Basically, the information security research firm discovered that a smart fridge was sending thousands of spam email messages that its owners were completely unaware of.
Making Hijacked Devices Carry Out DDoS Attacks
We can all agree that nobody likes spam (the email or the food), right? But believe it or not, hackers managed to cook up something more sinister than just annoying messages. Similar to our fridge example above, hackers were found to be taking control of streaming boxes, webcams, baby monitors, and even printers.
Why? To force them to join malicious botnets in executing distributed denial-of-service (DDoS) attacks. DDoS attacks are assaults in which hackers overwhelm domain name system servers by bombarding them with too much data at once.
You may be familiar with them if you live on the east coast of the United States. A few years ago, hackers orchestrated an enormous DDoS attack that resulted in mass internet outages from New York City to Washington, D.C.
Leveraging Lazy Credentials
Trivia time: What do traffic lights, security cameras, and control systems for power grids, water plants, nuclear power plants, and even particle-accelerating cyclotrons have in common? Many of them use “admin” as their user name and “1234” as their password! Wait, it gets worse—the only software you need to connect to them is usually a web browser.
In 2009, developer John Matherly launched the Shodan Search Engine, a tool that lets users find different types of devices connected to the Internet. Shodan also ended up exposing the fact that Telstra Media configured numerous networking devices running OpenSSH (a suite of IoT connectivity tools) on a commonly used port that shared the same keys across more than 50,000 devices.
It’s worth noting that Telstra Media is far from the only culprit of lazy passwords—“1234” is still an extremely common password. Recently, it was found that many IoT devices are still shipped to stores with default “admin” usernames and “1234” passwords. And many consumers fail to change these credentials unless manufacturers strongly insist on doing so in the instruction manuals.
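A defender-side check for the two weaknesses this section names, factory logins and one SSH host key reused across many devices, written here as an added example (it is not code from the article or from Shodan). The inventory format, the device names and the extra entries in DEFAULT_LOGINS are assumptions, and the key blobs are constructed stand-ins.

```python
import base64
import hashlib
from collections import defaultdict

# Factory logins to flag. ("admin", "1234") is the pair named in the article;
# the others are illustrative assumptions, extend from your vendors' manuals.
DEFAULT_LOGINS = {("admin", "1234"), ("admin", "admin"), ("root", "root")}

def fingerprint(pubkey_line):
    """Return the OpenSSH-style SHA256 fingerprint of a public key line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(inventory):
    """Flag devices with factory logins and host keys reused across devices."""
    by_key = defaultdict(list)
    report = {"default_credentials": [], "shared_host_keys": {}, "bad_keys": []}
    for dev in inventory:
        if (dev["user"], dev["password"]) in DEFAULT_LOGINS:
            report["default_credentials"].append(dev["name"])
        try:
            by_key[fingerprint(dev["host_key"])].append(dev["name"])
        except ValueError:  # truncated or non-base64 key line
            report["bad_keys"].append(dev["name"])
    report["shared_host_keys"] = {
        fp: names for fp, names in by_key.items() if len(names) > 1
    }
    return report

def _key(seed):
    # Constructed stand-in for a host key blob; real blobs come from the device.
    return "ssh-ed25519 " + base64.b64encode(seed).decode()

# Constructed sample inventory (hypothetical device names, not real hosts).
SAMPLE = [
    {"name": "camera-01", "user": "admin", "password": "1234", "host_key": _key(b"factory-image-key")},
    {"name": "camera-02", "user": "ops", "password": "k7!vQ2#pLz", "host_key": _key(b"factory-image-key")},
    {"name": "router-03", "user": "admin", "password": "admin", "host_key": _key(b"unique-key-router-03")},
    {"name": "printer-04", "user": "ops", "password": "Tq9$eW1&xB", "host_key": "ssh-rsa"},
]

if __name__ == "__main__":
    for section, found in audit(SAMPLE).items():
        print(section, found)
```

A fingerprint shared by two or more devices means the key was baked into the firmware image rather than generated on first boot, so each affected device needs its host key regenerated, not just its password changed.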
Home Intrusions Through IoT
Any hacker familiar with Shodan and router remote management could use the flaw described above to invade a home network, search for unprotected IoT devices, and cause considerable damage.
Unsecured devices can broadcast IP addresses that can be found through Shodan searches. If hackers find this vulnerability, they can easily locate the residential addresses associated with this information and sell it on underground websites to other criminals.
With this being said, if you’ve gotten this far in the article, it’s clear you care about IoT security. So take some time right now to make sure your password security is strong!
A Clear Need for Better IoT Cybersecurity
Each of the security issues we’ve discussed remains probable. For all the advancements that IoT has seen over the past few years, none of them really makes up for the large vulnerabilities that any consumer could be exposed to. Cybersecurity isn’t a “nice to have” feature; it’s an essential factor.
Thanks to intervention from governments across the world, it seems that IoT device manufacturers will have no choice but to get serious about these security issues. But only time will tell if these efforts result in safer use of IoT for us all.