The world of technology is evolving rapidly and embedding technology into more every day devices to make them more efficient and user friendly; think Alexa and how helpful she is when compiling a shopping list or playing your favorite song on demand – this is just the beginning of the Internet of Things (IoT).
Wikipedia’s definition of IoT is, “The Internet of things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and network connectivity which enables these objects to connect and exchange data. Each thing is uniquely identifiable through its embedded computing system but is able to inter-operate within the existing Internet infrastructure.”
Building a Secure Future
IoT is the future of home automation and is extending its limbs into the business world and beyond. “Things” like self-driving cars, internet connected refrigerators, app controlled lights, and smart mirrors that can track and recommend skincare regiments are a few new connected devices that we will be seeing more of.
Because IoT devices like app controlled lights and air conditioning are typically connected to the same network as our phones and computers, these devices have access to our personal information and data which is an appealing target for cyberattacks which could affect not only the device it first took hold of, it can spread to other devices that are connected to the same network. The concern many people are sharing is how is my data kept secure? How will we feel secure when Gartner is predicting that there will be 20.4 billion connected devices introduced to our networks by 2020.
Learning Lessons the Hard Way
One of the biggest distributed denial of service (DDoS) attacks in 2016 was caused by a “botnet” which is a network of computers infected with special malware. This particular botnet was called, “Mirai botnet” and it was made up of IoT devices such as digital cameras, internet routers, and DVR players that had weak or default passwords. What made this attack so massive is the fact that the botnets had numerous internet-connected devices to choose from to leverage an attack of its size.
TIP: Make sure that your passwords are strong and unique. You can utilize this tool to generate strong passwords: LastPass.
The Mirai botnet was just the beginning of botnet evolution in the world of IoTs. The newest botnet threat is called IoT Reaper. The difference between Mirai and Reaper is that Reaper is using software hacking techniques that look for security flaws in the code of insecure IoT devices rather than looking for devices with weak or default passwords – the bots are getting smarter. To date, there have been no signs of DDoS threats with Reaper but they have the ability to do damage if and when they choose to.
Here are some vendors that have been targeted by Reaper: NetGear, Linksys, GoAhead, Avtech, and others can be found here.
How Can You Protect Yourself and Your Devices?
IoT device providers are aware of the security issues that leave their devices vulnerable. When feasible, these companies will put out a firmware patch to help secure your device – the problem is that there is no easy way to notify their customers when they release a patch and patches can be hard to install properly. As the IoT world continues to grow, manufacturers should improve their security on their devices prior to being available for purchase to the public. For now, there are a few things you can do today to protect your devices from IoT attacks:
- Username and Passwords – Do not use default username/password combinations for your devices. Make sure your passwords are strong enough that they cannot be cracked by using a strong password generator like we mentioned above.
- Online or Offline – Controlling network access for any unused features of the device can cut down the chances of attack. If the device doesn’t have other devices relying on it constantly then the device can be shut off when not in use for additional security.
- Patch it Up – Check if your device has released a firmware patch, if so, update your device accordingly and continue to check back for any new security updates.
There are other, nerdier ways to help protect yourself and your devices from attack which can be found here. This article also lists different tests that system administrators can employ like penetration testing to ensure your setup is secure.
The World is Getting Smarter and So Are Our Devices
Although security issues with IoTs are a real concern, this will likely not prevent manufacturers from continuing to create smart devices that make our lives easier and become more and more prevalent in our everyday lives. For this reason, we can only hope that IoT manufacturers will step up their security game if Mirai didn’t already prioritize this effort.
The IoT industry is booming and there are lots of new products coming soon that will make our lives easier and more efficient so it’s not all bad in the world of IoT. You can see a list of the latest and greatest IoTs trending in 2018 from CES. For now, make sure to employ best IoT security practices and in the words of Blue Oyster Cult, “don’t fear the reaper”, just be aware of it.