IoT Security

Scientists Say Need for IoT Security is HUGE: Here's How to Boost It

Last updated on June 20, 2021

If you keep your home front door unlocked, it’s unlikely that passersby snoop in. But with your online devices – or  Internet of Things (IoT) connected devices, countless people check for open doors all the time.

According to a recent Palo Alto Networks research team report, the vulnerability of more than half of these IoT devices helps hackers succeed. Given that these IoT devices are predicted to rise to 75 billion by 2025, hackers will find many more open portals.

The security implications of IoT are massive, upping the need for IoT security as these devices increase. Update patches and beware of cheap devices.

The need for IoT security is massive.

Our IoT includes our internets, routers, mobiles, connected Barbie dolls, and home security alarms. If hackers infiltrate these, they invade our privacy, stealing identity or  money (among other disastrous effects). Other IoT devices include monitoring systems in buildings and life-saving devices from patient imaging machines to covid incubators, making the security implications of IoT huge!

Fortunately there are things we can do to lock the doors.

What are the security implications of IoT?

Internet of Things (IoT) are all those devices connected to the internet. It’s not just your PC, smartphone, laptop or tablet, but also electronics that have historically been online – like copy machines, refrigerators or coffee pots in your office.

At home alone, IoT includes CCTV cameras, microwaves, lightbulbs, smart TV, car alarm systems, and all those out-of-the-ordinary devices that connect to the Internet. There are about 7 billion internet-connected devices at home and office combined, according to data from IoT Analytics. Around the world, which includes factories, healthcare institutions, banks, retail stores, transportation, governments, cities and countries, up that to 35 billion IoT devices, at the present moment.

If hackers enter any of these systems, they control your devices doing whatever they want.

For example, Twitter, Facebook and Reddit are, every so often, downed by hackers who use compromised IoT devices to bombard these sites with fake accounts, preventing regular traffic from coming to them. Such distributed denial-of-service (DDoS) attacks occur about every 60 seconds to prominent and less prominent businesses, making them lose customers and money.

Other reasons why hackers may want to invade your device include where they use your computer to steal your electricity,  invade your mobile to pay for their expenses and hack your PCs to steal your credit card details and more.

How do hackers crack your IoT?

Knowing how hackers unlock your cyber ¨front doors¨ can help you keep them out.

In his spare time, Ofir Barzilay, Principal Engineering Manager for IoT Security, demonstrates how hackers work:

  • They look for a soft spot for entry, spinning one password configuration after another. Usually they zoom in on likely items like your birthday, license plate number, home address and so forth. Bingo! They found it.
  • Hackers know they have only a small window of time until devices are disconnected, versions updated or passwords changed, so they move fast
  • They program your device to accept their own textfiles (e.g. spyware) that they then upload, so your device becomes theirs. Once under their control, they exploit your device for purposes like crypto mining, DDOS and more.

How can you strengthen IoT security at home?

We can bring hackers to their knees with certain effective methods.

1. Don’t buy IoT devices from a vendor unless it has proven security

Before you buy electronics, check the reviews of those manufacturers for customer complaints; also check their track record for pushing updates to their products. Reputable companies have details on their terms of service and privacy policies. It’s important to know as much about the item before you plug in any company’s  device in your home.

2. Put your devices on a separate network

Plug in no more than fifty devices on a single consumer grade router, with those being your home computers,  laptops and the like. Use a secondary wi-fi router that’s isolated from your main system for your IoT devices. That’s because each device you add to your network sees every other device on that same network, so if one of these devices is infected it infects its neighbors. You could also use a guest network that does the same trick, with the addition that it also isolates the devices that are plugged into that guest network from seeing each other.

3. Change Default Passwords

One of the biggest weakness in IoT security are default passwords. Find out how to create the perfect password here, or get one of the best password managers to do it for you.

4. Make sure your devices are running the latest software

Manufacturers regularly outfit major devices with formal updates for fixing bugs, adding new features and plugging security holes. Regularly check your apps for  notifications on these latest updates. Install them.

5. Use a VPN to strengthen home IoT device security

Most reputable VPNs have apps compatible with the popular routers, or you can buy a VPN-enabled router and make your life even easier.

ExpressVPN is one of the best VPNs for IoT device security, giving you always-on protection for all your devices, from your router, smart TV to your IoT-enabled light bulbs.

How can you strengthen IoT security at your business?

By infiltrating your IoT devices, hackers can harm your quality of service, safety and brand. Such IoT devices include smart locks (allowing business executives to unlock doors from their smartphones), smart-controlled thermostats and lights, voice assistants like Siri or Alexa, connected sensors inside printers to detect low ink levels, CCTV cameras and more. This doesn’t mean you should ditch your tablet for pen and paper. Rather use these security tips:

  1. Keep tabs on mobile devices. Make sure mobile devices like tablets are checked in and locked up at the end of each business day. Use strong passwords or biometrics so that no one can get into a lost or stolen device.
  2. Implement automatic antivirus updates to prevent hackers from accessing your systems.
  3. Require strong login credentials that are unique for each employee. Always change the default password on new devices. Never re-use the same password across devices.
  4. Deploy end-to-end encryption when uploading things to the cloud, sharing data or communicating with you. Use SSL/ TLS where appropriate.
  5. Make sure the device has updates and apply them as soon as they become available. Implement automatic updates when possible.
  6. Keep track of the features on your devices and disable any you don’t intend to use to reduce the potential attack opportunities.
  7. Choose an expert cybersecurity and antivirus provider to provide customized solutions that prevent cyberattacks.

The future of IoT Security

Some things are beyond our control. That’s where the IoT industry imposes its own preventions and that’s where we’re going to see more headway in the future:

  • Authentication – IoT developers give each device its own complex random password during the manufacturing process with that password known only to the owner.
  • Debugging – IoT developers have become particularly careful not to leave any kind of debugging interfaces on a production device. Even if IoT developers think these are hidden, astute hackers could later find and gain access through them to their associated hundred of manufactured IoT devices.
  • Privacy – In the process of development, IoT engineers use a code that later encrypts all details of the IoT owner (who they are, their passwords, locations etc.), making these accessible only to the owner.
  • Web interface – All inbuilt web interfaces are robust, protected against standard hacker techniques like SQL injections and cross-site scripting.
  • Firmware updates – Each IoT device from light bulbs to sophisticated home security systems and intercity IoT is developed in such a way that digital signatures are confirmed by a certification authority system before manufacturers and/ or developers apply their Over-the-Air (OTA) updates.

Conclusion

IoT devices in hands, pockets and homes are a huge and growing industry and traditional security is not enough. Hackers routinely enter through vulnerable unpatched endpoint agents, impacting your safety, security, and brand name.

To really bring these IoT hackers to their knees, practice basic security methods to lock your doors. Methods include checking reviews of vendors, practicing end-to-end encryption, using strong passwords and/ or biometrics, using no more than fifty devices to a network, keeping a tag on your computer equipment and regularly updating all devices.

To adapt a Hindu verse to our IoT situation, IoT is savior of worlds, destroyer of worlds. It’s infinitely powerful. Let’s protect our world.