There are over 7 billion IoT devices in existence today. By 2025, statistics from research giant Gartner in conjunction with IoT analytics indicate that IoT devices will hit 64 billion.
That means that in the next five years, IoT will be everywhere; from the moment one wakes up to the time they go back home, they will interact with tons of gadgets, buildings, machines and more all connected to the web.
While that is a good thing, there is a risk that many are yet to take into consideration—the lack of proper cybersecurity measures. With such accelerated growth and the need to meet demands, manufacturers are not taking the time to focus on security. As such, hackers are exploiting the following IoT security loopholes.
IoT devices are network vulnerabilities
A prime example that is often touted as a cautionary tale in the IoT world is that of an internet-connected fish tank that gave hackers access to a casino’s database.
According to a report released by Darktrace—a cybersecurity firm—in July 2017, hackers exploited a vulnerability in the casino’s aquarium thermostat and used it as an entryway to the network and all the devices connected. They then went ahead and accessed a high-roller database and pulled it out of the database through the thermostat to the cloud.
This is not an isolated case. Cases exist where individuals have lost incredibly valuable personal data due to hackers targeting Wi-Fi printers. Any smart device connected to your network creates an entry point to it, which hackers can exploit to access more important sensitive data on neighboring hard drives. Less sophisticated devices such as Wi-Fi printers, smart fridges, or as seen above, internet-enabled fish tanks are easy targets you must take extra care to protect.
Attacks through weak passwords
Remember the infamous Mirai incident? The botnet malware that knocked incredibly popular and notable websites across the world offline two years ago? Well, that was due to weak passwords.
Essentially, the Mirai malware scanned IoT devices which were still using default passwords, it then ‘enslaved’ them using malicious codes to launch a Distributed Denial of Service (DDoS) attack. A DDoS attack is when a network is flooded by more requests than it can handle (bogus requests) and consequently it shuts down or rather makes a network resource unavailable to intended users.
According to a report by Dyn—the DNS provider that was the target of the Mirai attack—100, 000 devices were used in the attack. Attackers infected all these devices with the Mirai malware which is capable of taking over routers, cameras, DVRs and a host of other IoT devices. If you don’t want your personal device to be involved in cybercrimes, password-protect it immediately upon purchase. More on that later.
Elsewhere, a report by the Royal Academy of Engineering in the United Kingdom warned that health tech, i.e., pacemakers connected to the internet could have severe consequences for patients if hacked. Appallingly, most are incredibly easy to hack – simply enter its factory default password and the patient’s life is at your mercy.
The exploitation of ill-configured devices
Last year in July, two different hack groups employing varying strategies managed to hack Cisco and Huawei routers. One group of hackers used a backdoor to break into Cisco routers while the other used an older vulnerable code to access Huawei routers.
Recently, in 2019, Vodafone said it found a backdoor in the software of Huawei home routers and the optical service nodes. These are just two examples, but as more IoT devices continue to hit the market, you’ll most likely be in touch with one.
That raises a question; with such real-life and frightening examples of the dangers inherent in lax cybersecurity measures when it comes to IoT devices, what can you do about it? To start, you can consider the following cybersecurity best practices that each household or business should keep in mind if they are to avoid a situation where IoT goes wrong.
What can be done to protect IoT devices and sensitive data?
1. Encrypt the network
Encrypting the network is essentially using cryptography to deter hackers. One of the most comprehensive solutions that allow you to encrypt your entire network is a Virtual Private Network.
A VPN is a private network over a public network that routes all your traffic through a secure tunnel that hackers cannot penetrate. With regards to IoT devices, to avoid a scenario like the one noted above—the fish tank hack—all you have to do is purchase a router VPN.
A VPN on the router will encrypt all the devices in your home network or business network, which means a malicious cannot use your smartwatch, HVAC, or smart appliances to get a foothold in your network.
2. Practice password best practices
Password best practices is a thorny issue because, despite both global awareness on data breaches and hacking and the fact that 91% of internet users understand the risk of weak passwords and password recycling, 59% still use the same password for each account.
That is both frustrating and heartbreaking because the cost of a data breach or cyber-attack is catastrophic for both organizations and individuals. To avoid becoming a victim and to mitigate attacks, i.e., the IoT DDoS attacks, organizations and individuals must practice password best practices.
These practices include changing the default password for each IoT device you set up. Second, ensure each device has a unique, random, and long password. Third make the password as complicated as possible, for instance, don’t use 12345679 or Basketba11 as your password, go for something like nnx8@)SDF:V8]GuW.
In conjunction with this, to help you generate and manage such passwords for all your devices, consider getting a password manager. The manager will store all these passwords for you in a secure vault, so you do not have to struggle to remember them.
3. Scrutinize the devices that you buy
When purchasing IoT devices, go for devices with a good reputation. The rise in IoT technology will see the emergence of numerous companies. To avoid companies that create substandard devices; it is essential to do due diligence.
Without a doubt, IoT will bring with it uncountable benefits—from efficiency in market places to increased communication and better monitoring.
However, it is vital that everyone, both consumers and manufacturers, weigh the benefits against the possible risks and find ways to deal with the risks. Implementing the cybersecurity best practices mentioned above is a good place to start.