The Internet of Things (IoT) and Maintaining Cybersecurity
By Michael Fernandez
June 17, 2022
What is the IoT?
The Internet of Things, also known as the IoT, are the physical devices connected to the internet that collect and share data. The creation of cheap computer chips has led to a growing variety of IoT technologies. IoT devices can be as small as a grain of rice to as big as a cruise ship. Some common examples of IoT that are common include smartphones, computers, the TV, game consoles, smartwatch, etc. But less common items are where the threat is the greatest—tems such as a smart-fridge, a thermostat, Amazon Echo or Google Home, and even a car. Physical things as large as a house, can be vulnerable to something as small as an item in the palm of a hand. In one study regarding Smart Home cybersecurity for example, over 12,000 attacks occurred against Smart Homes in a single week. Anything that can connect to the internet is part of the IoT, and is also vulnerable to cyber-warfare. By implementing a good security system, IoT devices become more secure against unauthorized access.
How Do IoT Devices Get Hacked?
IoT devices are vulnerable to many different forms of cyber attacks. IoT devices can get hacked through a variety of means, though the most popular is through an unsecure network connections. One of the most popular attacks for IoT devices is brute-forcing passwords on Telnet and SSH services that are not disabled. After the malicious actor has gained access to those services, attackers can download malware to the device or gain access to valuable information within the device. There are other prominent methods of being hacked are through mass vulnerability probing, intercepting the cellular network, and reverse engineering firmware.
How Can User Protect Their IoT Devices?
Considering that so many different aspects of technology are categorized as part of the IoT, this makes IoT security more challenging. There are not many laws or regulations on IoT security, and as such developers and manufacturers do not have set standards on what security functions to protect when developing products. While there are no set regulations, there are good security practices that can be followed to better protect a system and related user account. Some good common security practices for users are to:
- Keeping your firmware fully updated
Smart devices, while it might seem unlikely, have vulnerabilities that are discovered after the product’s release. Patches come out routinely designed to fix the discovered vulnerabilities. A good way to make sure the devices are routinely updated is to turn on the auto-update function if it is available.
- Change all default passwords
Most smart devices come with a default password of either “admin” or even “12345”. Making sure to change the password, regardless of what device it is, will be one extra layer of protection from botnet attacks.
- Disabling remote login capability
Many smart devices that are found in the household are able to be controlled from a mobile device. If there is no need for remote access to the garage, a lightbulb, or the front door for example, disable the connection. Turn off remote connections when they are not immediately in need of use, it is one extra layer of protection from an IoT hack.
- Secure the network with firewalls
All devices that are connected to a network needs firewall protection. A common thing found in businesses are that the company devices will be on a secured network, while the IoT devices are on a public network. Regardless of what network your IoT devices are, ensure they are protected by firewalls.
IoT Cybersecurity Threats to Organizations:
Every organization, regardless of size or net worth, is vulnerable to an IoT attack. An IoT attack can leave an employee, department, or even the whole business vulnerable. In 2018, a North American casino was hacked and the private information in the high-roller database was stolen and uploaded to the cloud. How you might ask? The fish tank thermometer; a smart sensor IoT device that was connected to the network of the casino was breached. In another 2018 breach, a hacker created an IoT botnet attack that compromised 18,000 routers in China within a 24 hour period. Cybersecurity is an important part of the future, and being protected in the cyber world is just as important as the physical world. While there are no set standards, some good security tips organizations can follow are to: align the operational technology with IT and security, understand what third party hardware is interconnected with the system, and to conduct regular vulnerability assessments on devices. Implementing a few of these methods will make the IoT system less vulnerable to attacks and being breached.
How companies can minimize threats to users
There are hundreds of hours devoted to the development and manufacturing of software and other associated products. However, when there is no set standard for cybersecurity in place, what needs to be prioritized? Organizations should prioritize defense from IoT botnet attacks, DNS threats, IoT ransomware, physical security, as well as shadow IoT.
Creating a streamlined and secure service is a company’s main mission, by implementing and maintaining secure networks, the protection of users is achieved as well as the protection of the organization. Some companies prioritize the security and anonymity of their users. An efficient way to protect user data in IoT devices is by eliminating the need for the user’s data. No data provided means no data stolen or sold.
humanID has successfully accomplished this, by creating an anonymous, bot-resistant authentication system which has led to the creation of safer online communities. By simply providing only your phone number, it creates an anonymous profile that can be used to access the internet from. This ensures privacy, and protection while still providing full access to the internet. humanID was created with the benefits of the internet community at large in mind, that being the mission, partnering with humanID is easy.
Summary
The IoT spans across billions of physical devices, across hundreds of thousands of networks. Not all IoT devices are going to be hacked by a malicious actor, but all IoT devices have the potential to be. Prioritizing cybersecurity for all devices connected to a network will lead to a safer internet and a lowered risk from attack.
Methods such as updating all devices to the latest software updates, changing default passwords, and conducting regular vulnerability tests are a few good ways to protect IoT devices.