Bad actors are increasingly targeting connected devices, and network providers are fighting back. But when it comes to protecting the IoT, a one-size-fits-all approach simply doesn’t fit. The security measures that protect IoT devices in business settings don’t readily translate to devices in consumers’ homes, says Marcio Avillez, SVP of networks at CUJO AI. In the latest Intelligence of Things Tracker, Avillez makes a case for taking a device-specific approach in thwarting threats to smart homes.
Consumers often find the promise of greater convenience to be a convincing reason to buy connected devices. Unfortunately, reports of breached connected devices are all too frequent, and consumers may find they are introducing not just connectivity, but also bad actors, into their homes.
IoT-related breaches are innumerable. In 2017, the FBI warned consumers against purchasing IoT-connected toys, stating that such devices could be hacked and used to record and spy on children. Later the same year, researchers at a security firm in Tel Aviv found a weakness in an LG-manufactured connected vacuum that could allow malicious actors to watch people in their homes through the vacuum’s camera. Stories of good tech falling to bad actors have only continued to come out as IoT presence in homes increases.
Marcio Avillez, senior vice president of networks for software solutions provider CUJO AI, believes that protecting smart home devices presents a unique challenge.
“On a computer or laptop, or tablet or even mobile phone, you can put software on it — an endpoint solution that can protect it,” Avillez said. “But when you look at all these devices people are bringing into their homes in increasing quantities — cameras, thermostats — you’re not able to add to them. [And] the threats that those enable are very different than the threats you get with a computer.”
While cybercriminals are more likely to get the most bang for their buck by accessing large organizations with troves of valuable data, there are several reasons that draw them to exploit security flaws in home devices, Avillez said. Among the most common are gaining remote access for spying, commandeering the device for bitcoin mining and using the device to launch part of a DDoS attack.
But change may be on the way. According to Avillez, artificial intelligence (AI) and machine learning (ML) could provide a cure for at least some of what ails the connected home space.
Home Is Where the Hacking Is?
There are several reasons why many security solutions that work effectively in other sectors fall short of protecting smart home devices, Avillez said.
The inability to add security software to most connected appliances means an approach that works well for devices like laptops or mobile phones won’t work for IoT-enabled tech.
Turning to businesses for security models also falls short, he explained, making matters even more complicated. Enterprises hoping to ensure a secure network typically use a firewall box equipped with powerful computational abilities to decrypt and examine network packets, which will be flagged for further examination by the company’s system operator if suspicious behaviors are detected.