As regular smart home device users, we only have so much power to influence market forces. In this article, Jan Youngren, cybersecurity expert and researcher at VPNpro.com, explores a few things we can do to protect ourselves on a personal level when using today’s IoT technology.
Whether you’re aware of the term or not, chances are the Internet of Things (IoT) has made its way into your home. Perhaps you have a Smart TV or a health monitor feeding data to your smartphone. Or perhaps you have household appliances – microwaves, refrigerators, washing machines – that you control over the internet. Whatever the device may be, if it has an online component, it is part of the IoT.
For better or worse, there’s no stopping the spread of the IoT. According to a study by Cisco, the number of connected devices is expected to reach 28.5 billion by 2022. Such staggering growth brings its own security challenges – ones we have avoided in favor of quick progress. Until the situation improves (spending on IoT security is expected to reach $3.1 billion in 2021), consumers should be aware of the risks.
The Three Types of IoT Dangers
At the risk of sounding reductive, let’s divide IoT dangers into three categories:
Physical safety. Increasingly, we can remote-control things: appliances, gadgets, cars, etc. The latter is a vivid example, especially with the advent of self-driving cars. All functions within these machines are controlled by a computer, which is connected to the manufacturer via an internet connection.
With inadequate security protocols, a hacker could gain access to the controls of such a car. Needless to say, this has the potential to cause serious harm to the car and the driver.
True – this is an extreme example. Something you might expect from a James Bond film rather than real life. Yet it’s not difficult to imagine a household appliance malfunctioning and causing damage to people or property. With unprotected IoT devices, “accidents” like this can be caused intentionally.
Personal data theft. Smart devices store lots of sensitive user data, which can be used by hackers in various ways. The primary risk is identity theft, which becomes easier as fraudsters gather more information on their target. Info available through social media, in addition to data from smartwatches, health trackers, and other IoT devices, makes for a sophisticated social engineering attack that can cost vulnerable users lots of money.
Moreover, the value of IoT device data will grow as providers of services like health or car insurance start offering better deals to people willing to share data from Fitbit wristbands or automobiles.
Not only can a vulnerability in a single IoT device expose an entire wifi network – it can potentially also serve as a Trojan horse in an attack on the manufacturer.
Malware-related risks. The inadequate security of IoT devices has led to a new threat – botnets more powerful than ever before. Malware-infected devices can be used by hackers for DDoS attacks, querying servers with thousands of requests and completely shutting down websites and services.
As early as 2016, the Mirai botnet was used to launch the most powerful DDoS attack in history against the servers of Dyn – a company controlling a large chunk of the internet’s domain name system (DNS). 100,000 bots (malware-infected devices) managed to severely disrupt the functioning of the internet in America. The catch is that most of these malicious devices were not computers, but rather IoT devices.
Why are IoT Devices so Vulnerable?
Security can wait when it’s weighed up against profits. Getting an innovative technology onto the market faster than the competition means more revenue – and thus the race begins. For the plan to work, devices must be user-friendly. Secure? Not so much.
Case in point: to eliminate the need to configure IoT devices, they usually rely on the Universal Plug and Play (UPnP) protocol. Many network routers allow UPnP devices to change network settings on the router and its firewall. This way, an attacker can open ports on a router and take control of the entire network.
Sounds terrible, but how would someone gain control of an IoT device?
Well, connecting to IoT devices is notoriously simple: many have default login credentials, which can’t always be changed, and can sometimes be found via a regular Google search. That wouldn’t be much of a problem if you could only access them from within the Local Area Network (LAN). However, in certain configurations, UPnP forwards the ports of IoT devices, allowing hackers to scan for them and then hack in using the easy login credentials.
Where Does this Leave Users?
As regular users, we only have so much power to influence market forces. However, there are a few things we can do to protect ourselves on a personal level:
● First and foremost, configure your router to prevent UPnP IoT devices from making changes. This will prevent hackers from reaching them from outside your LAN.
● If possible, change the login credentials for your IoT devices: even if hackers reach a login screen, they’ll have to work to go any further.
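A defender's check for the UPnP port forwarding described above, added here as an example and not taken from the original article: it parses a router's replies to the UPnP IGD `GetGenericPortMappingEntry` action and lists enabled forwards to devices the owner never approved. The SOAP replies, IP addresses, descriptions and the `approved_clients` allowlist are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed SOAP replies, shaped like a router's answers to the UPnP IGD
# action GetGenericPortMappingEntry (one reply per mapping index).
def _reply(ext_port, proto, int_port, client, enabled, desc):
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:GetGenericPortMappingEntryResponse
      xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>{ext_port}</NewExternalPort>
   <NewProtocol>{proto}</NewProtocol>
   <NewInternalPort>{int_port}</NewInternalPort>
   <NewInternalClient>{client}</NewInternalClient>
   <NewEnabled>{enabled}</NewEnabled>
   <NewPortMappingDescription>{desc}</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:GetGenericPortMappingEntryResponse>
 </s:Body>
</s:Envelope>"""

SAMPLE_REPLIES = [  # constructed: a camera, a console, a disabled printer rule
    _reply(8080, "TCP", 80, "192.168.1.50", 1, "ipcam-web"),
    _reply(3074, "UDP", 3074, "192.168.1.20", 1, "game-console"),
    _reply(9100, "TCP", 9100, "192.168.1.51", 0, "old-printer"),
]

def parse_mapping(soap_xml):
    """Extract the New* fields of one port-mapping reply into a dict."""
    fields = {}
    for elem in ET.fromstring(soap_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]          # strip XML namespace
        if tag.startswith("New"):
            fields[tag[3:]] = (elem.text or "").strip()
    return fields

def audit(replies, approved_clients):
    """Return enabled mappings that forward to a device the owner never approved."""
    findings = []
    for m in map(parse_mapping, replies):
        if m["Enabled"] == "1" and m["InternalClient"] not in approved_clients:
            findings.append((m["Protocol"], int(m["ExternalPort"]), m["InternalClient"],
                             int(m["InternalPort"]), m["PortMappingDescription"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_REPLIES, approved_clients={"192.168.1.20"}):
        print("internet-reachable via UPnP: %s %d -> %s:%d (%s)" % f)
```

With UPnP switched off on the router, as the first bullet advises, a device can no longer create such a mapping on its own.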
On a more general level, try to avoid companies with a bad cybersecurity record. While this may mean a steeper price tag in the short term, it may also save you a lot of trouble in the long term.