IOT RISKS- In October 2016, one of the most complex and devastating cyberattacks ever took down major sites like Twitter while greatly deteriorating user experience on multiple other high profile sites including PayPal, Spotify, CNN, Mashable, Yelp, The Wall Street Journal, and The New York Times. The scale of this DDoS attack was particularly astonishing thanks to the enormous traffic emanating from hundreds of thousands of unique Internet addresses. It turns out a hacker had identified a loophole in a certain model of security camera. By taking over these gadgets, the attacker could direct massive traffic to targeted sites. This renders the websites inaccessible to legitimate users. There’s no question that the Internet of Things (IoT) has numerous advantages. Yet, this attack is a classic example of how IoT can be a hugely destructive weapon in the hands of persons with ill intent. And it’s not just cameras that can be hijacked in this way. From cars and refrigerators to thermostats and smart locks, anything with an Internet connection is a tempting target for hackers.
The Internet is no longer just a network of traditional computing devices like servers, routers, switches, desktop computers, laptops, tablets, and smartphones. In fact, the number of IoT gadgets is expected to eventually far exceed conventional computing gadgets. From refrigerators relaying an update of the freshness of food, to a car transmitting oil level information to its owner, IoT is a convenience in many ways. However, as several IoT-related cyberattacks show, it also comes with formidable risks that cannot be ignored. We cover some of the biggest IoT risks below.
1. IoT device manufacturing process
Manufacturers release an untold number of IoT devices into the market each day. Many of these are new models and have undiscovered vulnerabilities. Manufacturer omission is responsible for the vast majority of security issues bedeviling IoT devices. Many device manufacturers see Internet connectivity as a plus to their device’s function and not a core feature. They, therefore, do not devote as much time and resources as they should on ensuring their product is secure from cyberattack.
For instance, some fitness trackers with Bluetooth connectivity remain visible after their first-ever pairing. Some smart refrigerators expose Gmail credentials. There isn’t a universal standard for securing IoT devices. That, however, is not a justifiable reason for creating poorly secured devices. The biggest IoT risks emanating from the manufacturing process include weak passwords, unsecured hardware, absence of a patching mechanism, and insecure data storage.
2. Lack of user awareness and knowledge
Thanks to decades of awareness, the average Internet user is fairly adept at avoiding phishing emails, disregarding suspicious attachments, running virus scans on their computer, or creating a strong password. But IoT is new territory and remains unfamiliar and misunderstood even for many seasoned IT professionals.
Whereas the majority of the biggest IoT risks can be traced to the manufacturing process, users are a far more dangerous driver of IoT security risks. This is especially so when users are ignorant of IoT functionality. Deceiving a human is often the easiest means of infiltrating a restricted network without raising suspicion. Hackers can do that using IoT devices.
The 2010 Stuxnet worm attack on an Iranian nuclear facility was caused by the infection of centrifuge-controlling software via a USB flash drive plugged into one of the plant’s computers. Modern centrifuges are a type of IoT device as they are heavily IT-dependent. Some reports estimated that Stuxnet physically damaged about 1,000 centrifuges.