IoT devices are taking the world by storm, improving efficiencies in every facet of our personal and professional lives. By 2021, there will be a projected 35 million smart homes in the US. Current devices have been shown to be susceptible to infiltration by cyber-criminals, posing a significant threat, to our personal security and even to global networks. Implementation of recommended best practices can decrease the chances of an attack and offer an additional layer of protection, thereby increasing the security of IoT devices.
The Internet of Things, or IoT relates to devices which connect to the internet or to each other, via the internet, creating a network of devices. Integrating sensors and programmable capabilities, IoT devices are revolutionizing our everyday lives as well our professional lives, creating efficiencies, and improving our quality of life.
IoT devices include a wide range of tools implemented in manufacturing, agriculture, smart homes and more. For instance, smart sensors can control the amount of water used in a field, based on the level of precipitation, cutting costs, and optimizing the amount of water used. In smart homes, motion detectors connect to thermostats, for optimal energy consumption, coffee makers connect to alarms, for those who need their coffee in the morning, unlock front doors via a remote control application, when kids call saying they forgot their keys, and printers automatically order new cartridges when ink levels are running low, to name just a few examples.
According to Gartner, the installed base of IoT devices in 2016 was close to 6.4 million, of which 62% were consumer devices. IoT endpoints are expected to grow at a 32% CAGR from 2016 through 2021, to reach an installed base of just over 25 billion units in 2021. In 2021, 7.6 billion IoT powered products will ship, of which 64% will be to the consumer market. According to Insurance Quotes, 45% of renovating homeowners installed smart systems or devices in 2016 and by 2021, 35.6% of US homes will be smart homes, for 35 million homes.
IoT Security Risks
While these smart devices have certainly improved our lives, they come with vulnerabilities leaving them susceptible to cyber-attacks. In fact, IoT devices are extremely easy to hack, offering multiple points of entry into our personal data and security systems, putting users at significant risk. For instance, by remotely monitoring smart home sensors, criminals can identify when the home is empty. They can exploit system weaknesses in IoT powered garage door systems, or smart lock devices, to easily break-in to homes.
Remote attacks could target our passwords and credit cards, as this data is easily accessible from within our networks. Our webcams and baby monitors can be taken over to record our personal lives, leaving us vulnerable to blackmail and extortion. Even simple devices, such as Hoverboards, which include Bluetooth connectivity, have been shown as being susceptible to hijacking, enabling remote control by a cyber-criminal and placing the user at physical risk. On larger scales connected cars, hospital monitors, airport systems and more could be infiltrated and controlled, leading to disastrous outcomes. In fact, just a few months ago the FDA recalled 465,000 Abbott pacemakers (formerly from St. Jude Medical) which were found vulnerable to hacker attacks.
Furthermore, after gaining access to personal networks or internet routers, cyber-criminals can exploit the connectivity to launch DDoS (Distributed Denial of Service) attacks against companies, by overloading their systems with requests, thereby preventing them from answering legitimate requests, and can to turn IoT devices into access points for spreading viruses and malware. For example, in October 2016, a network of IoT devices was infected with the botnet Marai, which launched a DDoS attack on DNS solution provider, Dyn (now Oracle), preventing traffic from reaching prominent customers, such as Amazon, Etsy, Twitter, the NY Times, Shopify, Netflix and more.
Similarly, attackers can launch man-in-the-middle attacks, interfering in the communication between to legitimate IoT nodes, by gaining access to networks and posing as a node. The cybercriminal can then monitor, eavesdrop and even control communications between their nodes.
Clearly, enterprises must implement security protocols to protect themselves from these vulnerabilities, however, with the majority of IoT devices currently deployed by consumers, it is imperative that all IoT consumers also implement security measures as well. Below an overview of recommended methods to secure your IoT devices.
Choose Who You Trust
As IoT gains market share and becomes the norm, more and more manufacturers will include connectivity in the devices their devices. However, as these devices have currently been shown to have security concerns, it is important to purchase these devices from trusted manufacturers. Well-known companies who place security high on their priority list and have proven track records in the integration of security measures in their products. Larger players will likely be more responsive in the event a security breach is uncovered.
Evaluate the security features and capabilities of devices and make an informed choice, thereby ensuring the devices in your network or as secure as possible.
Use Strong Passwords and Advanced Authentication Measures
Most devices come with default passwords. Make sure to change this password to a unique one, and even if the device doesn’t insist, choose a strong password, that is hard to hack. The same goes for online registration of devices to cloud services and for your Wi-Fi network.
Evaluate additional security measures of your devices, and utilize them, such as fingerprint controlled access, lock-screen passwords, and second-factor authentication security keys. By making it harder to hack into your devices and networks, you are adding a protective layer to your vulnerable devices.
Secure Your Networks
In addition to strong and unique passwords on home Wi-Fi networks and on the router administration page, it is important to implement computer and networking security measures. Install firewalls to decrease the chances of attacks. Beware of phishing attempts. Stay away from shady webpages, and don’t click on links you are not sure of. Scan for viruses and only open attachments from sources you trust. Update software and operating systems to ensure optimal protection. By securing your computer network and router, you can decrease the chances for network access.
Be Your Own Guest
Much of our private data is found on our computers. To prevent hacking of this protected information, IoT devices can be installed on a different network. Create a “guest” network for IoT devices, so that in the event of infiltration of these devices, the computer network is not at risk.
Review your devices to see what services they include. Turn off services that are unnecessary to you, such as geolocation. Turn off microphones and cameras when not in use. If a device does not need to be on consistently, consider turning it off when not in use, thereby decreasing the chances of an attack.
As Bluetooth has been shown as an easy way to access devices, turn this connectivity connection off when not in use, so as to avoid unwanted matching with other devices.
Keep Up to Date
Unlike software products or mobile phones, IoT devices may not send out system updates or software patches. Be sure to periodically check manufacturer’s websites for these patches, and to discover if there are changes available for firmware. These patches often include protection against security vulnerabilities uncovered.
One way of uncovering if you have been compromised is to monitor your bandwidth usage. If your network is running slow and using a percentage of your bandwidth, you may already have been hacked. Regular monitoring can enable early detection.
Security Must be a Priority
The security limitations of IoT devices and associated risk are gaining exposure, and it is likely that the coming years will see innovation and standard adoption which will solve these challenges in the coming years. However, as most consumers already have a host of IoT devices, such as webcams, baby monitors, intelligent personal assistants, exercise monitors and more, protecting ourselves cannot wait for the market to offer a solution.
Smart consumers should implement the above safety measures in order to keep protect themselves and their data, as well as reduce the chances of their networks being hijacked in global attacks on enterprises. By defining unique and safe passwords, adopting smart computing practices, utilizing security software and keeping all systems up to date with latest patches and firmware, consumers can decrease their chances of unwanted infiltration to their networks.