Things are always getting smarter – whether it’s your phone, your TV or even your toaster. The internet of things is all about connecting devices to the internet, making them more convenient to use and maximising their efficiency. The number of connected gadgets is estimated at over six billion, predicted to rise to more than 20 billion by 2020. But as the internet of things encompasses more and more everyday objects, how often do we stop to think about security?
From Wi-Fi routers being compromised, to dolls being recalled after it was revealed that an insecure Bluetooth connection left them open to hacking, it’s clear that security is an issue for all connected devices. Why are the ‘things’ of the internet so vulnerable, and what can be done to improve IoT security in the future?
IoT security flaws are helping to recruit ‘zombie armies’
After the October 2016 DDoS attack that crippled some of the internet’s biggest names, it was obvious that the internet of things was being actively targeted by online criminals. This devastating attack was made possible by a global swarm of compromised devices, such as home security cameras, that had been infected by the malware known as Mirai.
Now a new worm called Hajime has infected tens of thousands of devices, but seemingly for a more benign purpose. Apparently created by a ‘white hat’ hacker, some experts argue that Hajime is intended to seek out and infect insecure devices before real attackers have a chance to. Whether or not Hajime was designed for ethical reasons, it’s still a serious threat that could potentially be used in the future to create a botnet even deadlier than Mirai.
IoT data breaches and threats to physical security
So the internet of things offers fertile ground for DDoS botnets, but the risks don’t end there. Hackers have identified the IoT as a seriously vulnerable part of the internet, and are coming up with new ways to exploit it to steal personal data.
The interconnected nature of the IoT means that if a particular device is compromised, it could grant access to other systems. For example, certain models of smart fridge that connect to Google services have been highlighted as vulnerable to man-in-the-middle attacks, where an attacker who gains access to the network could steal the user’s Google account login details.
Perhaps the most serious aspect of IoT security is where it impacts on physical safety. When ovens can be turned on or off via a mobile app, it’s probably a good idea to make sure those apps are secure. An IBM researcher recently found that he could unlock, track and control his car via a mobile app – several years after he sold it. In the most extreme cases, cyberattacks against internet-connected vehicles could put lives at risk.
How to secure the internet of things
Security experts expect a rapid increase in attacks targeting the IoT, so how can we be better prepared? Before we can make smart devices more secure, we need to understand what makes them so easy to hack in the first place.
Obviously, a lot of ‘things’, like cars, lightbulbs and thermostats, have existed long before the internet, so online security hasn’t been factored into their design. It’s only now that we’re being forced to seriously consider how IoT security should work. For instance, the idea that a mobile app should reset when a car changes hands might sound like a no-brainer, but someone still needs to sit down and actually implement it.
IoT security issues arise partly due to a lack of common standards. With devices running a huge variety of software, it can be difficult to implement security measures across the board. It also doesn’t help when devices run old, obsolete versions of open-source software with widely known security issues.
One of the most trivial vulnerabilities in IoT devices is passwords. The weakness of default passwords is what helps malware like Mirai and Hajime become so relentlessly effective. If a user buys a home security camera and connects it to the internet, should it really be a surprise that having the password set to ‘123456’ or ‘password’ leaves it open to abuse? The problem is that many users probably don’t even realise there is a password, or know how to change it.
Building an IoT security framework
This is where communication and awareness come in. It’s vital for companies to let consumers know how to keep their devices safe. Fortunately, businesses that manufacture IoT devices are getting better at looking at security in its wider context, and developing IoT products with security in mind from the start. Hopefully, we’ll see improved IoT security standards, with enhanced authentication and more guidance on how users can implement security themselves.
Of course, high security standards for smart devices will always require high security in general. A secure network with standard features like firewalls, VPNs, antivirus and antimalware goes a long way towards ensuring IoT devices are kept secure. You should also keep everything as up-to-date and patched as possible. That occasional software update for the smart TV might be annoying, but it’s always worth ensuring you’re on the latest, most secure version.
At Fasthosts, we offer an exceptionally secure infrastructure for your online projects. Whether you’re running websites on our Web Hosting or building cutting-edge applications on CloudNX, our next-generation cloud hosting platform, you’ll find a complete range of security features. You can also rely on our secure UK data centres and 24/7 technical support.