What is the Biggest IoT Security Issues?
One study by Gartner estimates that the total number of IoT devices will reach over 20 billion by 2020. More businesses and consumers are realizing the importance of going digital and that’s just one of the reasons why automatic light sensors and smart refrigerators etc are increasing in popularity.
To responsibly manage each IoT device, manufacturers make use of a command and control center. This center is responsible for ongoing software updates, and patching vulnerabilities and bugs as they come and go. While all this sounds good on paper, research shows that at least 55% of IT professionals cite IoT security as their main challenge.
The only problem with this much interconnectivity is that every extra device adds more endpoints to a network, which only adds to the security challenge.
This is because cybercriminals are getting increasingly creative with exploiting vulnerabilities within an IoT device. Doing so gives them access to a business’s corporate borders.
The following 7 issues pose a security threat to networks that have IoT devices.
1. Lack of Compliance by IoT Manufacturers
The biggest reason for security vulnerabilities in IoT devices is the complete lack of regulation in the industry. This means that manufacturers are under no obligation to meet compliance goals.
For example, a smart TV can expose account login credentials, and a smart ‘doll’ with a speakerphone can give hackers access to auditory feedback within a 20-meter radius. True story.
Most manufacturers continue to create IoT devices that have poorly thought out security features. The following security risks can be fixed if manufacturers stop being sloppy:
- Hardware problems
- Unsafe update mechanism
- Weak passwords
- exchange of data takes place over an unencrypted connection
When manufacturers stop patching their devices and software with new firmware, hackers will find new loopholes and make sure to exploit them. Most manufacturers are concerned instead to push new devices in the market with the latest software instead of providing support to past devices. While this helps them rake up sales, it doesn’t tackle the security vulnerabilities that older hardware is now exposed to.
Manufacturers should patch their devices once they learn that they’ve been broken into. If phones and computers can receive continuous and automatic updates, there’s no reason why IoT devices should be left ignored.
2. Users are not Trained
Most users have become fairly well-versed with traditional phishing emails, spam, and viruses. But because IoT devices are still relatively new, many people don’t have a clue about the potential security risks they are exposed to. This is as true for residential users as it is for business users. Even the best security features are only as good as the user operating it. This means that the user’s general lack of awareness puts the entire system at risk.
3. IoT Devices Are Weak Against Physical Attacks
Most IoT devices have weak structural designs that allow hackers to break into them. This can become a problem because most IoT devices operate autonomously without intervention from users. In most cases, these devices stay in remote areas for long periods of time. Opportunists could break into these devices and physically change them – not to damage them, but to gain access to information.
It is the onus of the manufacturer to bolster the physical security of their IoT device by building secure sensors. This, of course, is a challenging task if the device itself is fairly low-cost. Nonetheless, manufacturers should at least deploy measures to shut down a device once it has been physically tampered with.
The manufacturer’s sloppiness does not absolve the user from doing all they can to keep their devices physically secure. A video camera or motion sensor that is located outside their house can be easily tampered with if not protected properly.
4. Botnet Attacks
A botnet attack is when swarms of infected IoT devices attack a system. For most cyber attackers finding a way to deliver malware isn’t to a vulnerable IoT device isn’t the challenge, but using the device to bring down the network continues to remain their biggest issue. Once they gain control over dozens—if not hundreds—of IoT devices, they suddenly have more control.
This happened in 2016 with the Mirai bot attack when multiple DDoS attacks were sent using thousands of home routers, IP cameras, and NAS to affect the DNS that powered platforms like Netflix, Reddit, and Github.
Once IoT devices are affected, they turn into the equivalent of infected zombies and can be used to send massive amounts of traffic.
5. Eavesdropping, Spying, and Espionage
Once hackers gain control over IoT devices by affecting them, they effectively become spies and carry out extremely dangerous attacks covertly. In other words, they are able to invade the privacy of owners of infected devices.
Any data that goes through the device can be compromised and used against the owner. Devices that record sensitive information include wearables, cameras, webcams, smart toys, smart refrigerators, and more. This can quickly become a problem on an industrial level when a business becomes targeted by hackers to expose sensitive information. Many governments around the world are, therefore, starting to ban certain IoT devices that have security problems.
6. Mining for Cryptocurrency with IoT Networks
Although a single GPU, CPU, or even video camera is not powerful enough to mine cryptocurrency, an army of them connected over the internet can do the job fairly easily. In fact, Monero, an open-source cryptocurrency was one of the first digital currencies to be mined using infected IoT devices. IoT attacks on crypto markets can cause financial chaos on an unprecedented scale.
7. Inadequate Security Features
It’s time for manufacturers, governments, and regulatory bodies to create universal IoT standards to regulate IoT security in homes, businesses, manufacturing plants, and other areas. Since it’s clear that our IoT systems aren’t secure enough, both users of IoT devices and their manufacturers have to do their bit to defend against cyber attacks.