IoT is flawed. If a smart, imaginative team built the service, there’s a smarter and more imaginative attacker waiting for you. Whatever appears smart may also be fully vulnerable to serious threats. When more untested devices join an IoT network, it gets increasingly complicated to track potential blind spots, leaving the system open to cybercriminals.
98% of all IoT traffic is NOT encrypted, making it the lowest-hanging fruit for attacks. In all honesty, attackers have been innovative in using the existing issues in the devices to sneak in. Be it secretly extracting information from internal networks or launching direct infrared laser attacks on devices, it is safe to believe that IoT is not safe.
The Open Web Application Security Project (OWASP) confirms that the absence of basic security measures is still the leading cause of most hacks. Lack of input/output data filtering, weak encryption, poor authentication protocols, and even substandard hardware have left 57% of networks vulnerable to medium-to-high severity attacks.
What Went Wrong? Putting Features Ahead of Security
Despite having best-of-breed engineers and designers in the business, IoT manufacturers prioritized time-to-market over security and endlessly produced devices with limited computational abilities.
The flaws in IoT devices provide an easy passage for the attacker to perform a wide variety of attacks. For example, man-in-the-middle (MITM) attacks, wherein the attacker alters the communication between two ends (devices), have resulted in massive damage.
Others include secretly monitoring confidential conversations on the target (eavesdropping) and extracting crucial information. In extreme cases, attackers have gained access to central units and hence manipulated all the devices in the network. Consequently, devices using heterogeneous transmission technology lacked standard security protocols.
Infamous IoT Attacks At a Glance
Most IoT establishments end up exposing sensitive user information. This was hard to digest until research from Trend Micro in 2017 confirmed that Sonos smart speakers were easily accessible to anyone over the internet through their open ports.
Researchers infiltrated a network through Philips Hue light bulbs. The Zigbee communication protocol could be easily abused to install malware across the network and alter the bulb lighting and color.
In another instance, a brute force attack was successfully launched to log in to Zyxel NAS products. Imagine the seriousness of the situation when attackers have successfully spread the malware and weaponized the devices.
The largest DDoS attack ever was launched in 2016 on Dyn using an IoT botnet. This was an infamous event that shut down major services such as the Guardian, Twitter, Netflix, and CNN. It continues to serve as an important case study in reinforcing security in IoT networks. Since the event, the number of attacks has tripled.
The impact of IoT hacking is not only massive but also extremely inhuman. In early 2020, CNN reported on the vulnerability of implantable cardiac devices. These devices, from the St. Jude Medical institution, could be interfered with by an attacker to alter the pacing and cause heart attacks.
So does that put the fault entirely on poor production? Certainly not!
Alongside Manufacturers, Users Are Equally Guilty Of Not Embracing Standard Guidelines
Smart devices need smart users. But the age-old complaint of ignorant consumers continues to be the major bottleneck in producing a protected ecosystem. A study revealed that 29% of users didn’t change the default passwords on their devices. Only 76% of users in the same study were concerned about the security of their data. It further confirmed that if users took proactive measures, the risk of IoT failure could be contained to a greater extent.
What Can Users Do? Research Before Plunging Into Fancy Offers
This study by ESET/NCSA laid out a few suggestions that could help users. Besides basic practices such as frequently changing passwords, cleaning out unused apps, and changing default settings, users were advised to do thorough research before using a third-party application such as a VPN and others. It explained the benefits of using quality software applications.
Start by changing your VPN. This is important because VPN services are the gateways we rely upon for streaming our confidential data. Although most of these apps do provide a complimentary subscription, they may be trading your confidential data. Therefore, lightning-fast bandwidths are all fine but useless if security isn’t assured.
Explore VPN services that do not bypass end-to-end encryption of the data streaming through them. You can check their product description for the security measures followed. Furthermore, look into their reviews and customer feedback on different forums.
Consider some next-generation VPN services such as Nord and Switcherry VPN that use edge computing to keep your data processing on local servers. Since centralized data processing is a risk, edge computing prevents data from traveling to servers located thousands of miles away. As it isn’t exposed to a large network, the feared exposure is eliminated.
Going Forward: From the Internet of Things to a Safer Internet of Things
All IoT networks are designed, but only a few of them are designed well. The previous decade was instrumental in producing billions of connected devices. Going forward, the focus will and must shift to fortifying these connected assets. If data is the driving force of the digital world we envision, safeguarding it should be the prime focus.