For nearly every internet user, security is a top priority. These days, it’s second nature to proceed with caution online. We are always careful to never share and reuse passwords, we log out of our accounts on shared computers, and are quick to dismiss malicious spam emails. Unfortunately, even the most security-minded individual can slip up when utilizing IoT.
IoT is shaping up to be the tech of the future, but can cybersecurity standards keep up? Most people are completely ignoring the dangers of IoT.
Easy Doesn’t Mean Safe
IoT devices offer convenience but often, that’s just as far as they go. Manufacturers design IoT devices to be marketable but it comes at the expense of security. Universal Plug and Play Protocol, for example, is a connection process for new devices that are quick and easy. For most users bringing their shiny new device home, the last thing they want to deal with is a lengthy connection regimen. Instead, UPnP allows an instant and automatic connection to a remote network without any required authentication.
Using default passwords is another issue. Factory set passwords rarely get reset to more secure passwords. Often time, they are made with common characters which make them easy to discover and hack.
Much of the questions surrounding IoT security come from the lack of industry-wide standards. Over 50 separate standards are in development with independently determined requirements, specs, guidelines, and uniquely focuses on specific market niches. With poor security default settings and often outdated security patches, IoT devices can be vulnerable to cyber attacks.
Hackers can easily access IoT devices and use them to:
- Distribute malicious or spam emails
- Steal critical private data
- Interfere with important financial transactions
- Gain access to other devices connected to the same network
- Hold your device ”hostage” until a demanded ransom is paid
The Dangers of IoT
In September 2015, these risks got so bad that even the FBI issued a warning. The FBI reminded users of the risks of bringing IoT devices into the home or workplace.
Keeping up with security and software updates and using strong and unique passwords go a long way in the world of cybersecurity. Just a year after the said warning, however, the worst was realized.
In October 2016, some hackers unleashed a botnet attack against Dyn. It’s one of the largest DNS companies in the world. The Mirai malware bot disabled huge parts of the web- from Twitter to Netflix to CNN. It amounted to the largest DDoS attack.
Shockingly, this attack was made possible through hacking computers and IoT devices with only default passwords to protect them. In this case, IoT didn’t stand a chance. A network is only as secure as its weakest device and most of the time, that weakest device is of the IoT variety.
Be Proactive About Protecting Your Network
So, with all these risks surrounding IoT, how does one protect themselves from attack?
- Isolate your IoT devices. Ensure that they have their own dedicated and protected network.
- Disable the UPnP options on routers
- Ensure your WiFi password is unique and has strong encryption
- Only buy IoT devices from reputable manufacturers. They should have a good track record for security measures.
Even little precautions can make a big difference. Here are some of the things you can do:
- Keep all passwords unique. Never reuse them for other devices or networks.
- Stay vigilant with security updates for devices. You should never buy a device that can’t be updated.
- Be familiar with your network as well as the devices connected to it.
IoT has the potential to connect every device in the world. However, before we can enter the Internet of Everything, better security measures are needed.
If you aren’t sure how to protect yourself from the dangers of IoT, you can take a look at the infographic below about the current state of IoT security. It can give you a clearer idea of how industry standards are keeping up and what users can do to protect themselves, their devices, and data from cyber threats.
Like this Article? Subscribe to Our Feed!
Author: Brian Wallace
Brian Wallace is the Founder and President of NowSourcing, an industry leading infographic design agency based in Louisville, KY and Cincinnati, OH which works with companies that range from startups to Fortune 500s. Brian also runs #LinkedInLocal events nationwide, and hosts the Next Action Podcast. Brian has been named a Google Small Business Advisor for 2016-present and joined the SXSW Advisory Board in 2019.