In the present day, Internet-of-Things (IoT) is extensively used in various fields. Companies including Samsung, LG, and Apple have introduced home appliances that incorporate IoT as a part of their smart home business.
Almost any device can be connected to IoT, including printers, routers, thermostats, coffee makers, webcams, refrigerators, and home automation hubs.
But are you aware that a meta-study estimated 80% of IoT devices as vulnerable to attacks? Also, according to the same meta-study, 6 out of 10 devices that offered user interfaces were vulnerable to a range of weaknesses such as weak credentials and persistent XSS1.
Even connected baby monitors are vulnerable to hackers, as many horrified parents discovered too late when hackers spoke to their young children through compromised devices.
The majority of the IoT devices are designed to gather and respond to human behavior such as motion and voice through built-in sensors. In the absence of high security, personal information could be leaked.
This article will discuss how IoT can cause security threats to the home. It is safe to be aware of the risks involved in using this technology.
1. Hardcoded or Default Passwords in IoT Devices are Security Threats
Usually, manufacturers and software companies use hardcode passwords into IoT and other devices to simplify things. But hardcoded credentials are favored targets of cyberattackers for password guessing exploit. Once the hackers and malware guess the password, they can hijack devices such as your health monitoring equipment, systems, and software.
What’s more? Developers and other IT workforce often embed passwords in code to gain easy access. And at times, these passwords are forgotten and left embedded, plain text in code.
In one such incident, infamously known as the Uber Breach, an Uber employee published plaintext credentials within source code which was unintentionally posted on Github. Hackers were able to uncover information about 57 million customers and about 600,000 drivers.
To avoid this, make sure to acquire in-depth knowledge of cybersecurity by taking up an online course or doing a full-time course.
2. IoT Devices Fall Easy Prey to DNS Hijacking
Your IoT home appliances, especially routers, can be easily hijacked with a technique called DNS hijacking. A study made by the American Consumer Institute found out that more than 83% of home and office routers were vulnerable to hacking and that included five major brands.
Hackers can redirect traffic to a phishing website using a technique called DNS hijacking, making consumers to naively share a credit card number or login credentials.
As per Michael Kanellos, technology analyst at OSIsoft, machine phishing will become a more pressing concern in the years to come. More hackers than ever before will try to gain access to IoT and operational networks to send false signals that will result in owners or plant operators taking actions that can be damaging.
3. Data and Identity Theft in the IoT
The main strategy of identity theft used by hackers is to build up data. With a little bit of research, plenty of data about a person is available. General data accessible on the Internet when combined with information from social media and data from smartwatches, fitness trackers, and smart fridges and so on can give out an all-round idea of your identity.
Moreover, a fitness watch or your smartphone holds the most private of all information, including your name, date of birth, address, credit card information, and health information.
And a study reveals that only 50% of tested smartwatches are designed to enforce a screen lock by PIN or pattern, making it vulnerable to data and identity thefts. IoT is definitely an identity theft goldmine for criminals.
4. DDoS Attacks on IoT Enabled Devices
If you are unable to gain access or use an IoT enabled device at home, chances are, you are the next victim of a DDOS attack. A denial-of-service attack can leave a machine or network resource unavailable to the intended user by disrupting the services of a host connected to the Internet. It can either be temporary or indefinite.
When a distributed denial-of-service attack (DDoS) occurs, incoming traffic flooding a target originate from several sources. It makes it hard to stop the cyber attack by merely blocking a single source.
DDOS attacks are common. In fact, the percentage of such attacks doubled from 3% to 6% in 2016, mainly as a result of lack of security in IoT Devices. This isn’t as astonishing as it may seem – it has become a norm now. A sole compromised smart sensor on a network can affect similar devices that run the same software.
5. PDoS Attacks on IoT Enabled Devices
Permanent denial-of-service attacks (PDoS), also known as phlashing can damage your device severely. You will need to replace or reinstall the hardware.
In one such incident, in 2017, the DHS’s ICS-CERT issued an alert update about BrickerBot, a malware that was designed to exploit hard-coded passwords in IoT devices and lead to permanent denial of service (PDoS).
6. Poor Legacy Security of IoT Devices
As more and more critical infrastructure systems come online through IoT, there is an increasing risk in cyberattacks with physical consequences cited Justin Sherman, the cybersecurity policy personnel at the think-tank New America. It can cause damage to property or harm to human beings.
Many IoT devices come without the most basic cybersecurity protections, such as strong default passwords. It leaves any interconnected systems vulnerable. Everything from a coffee maker to thermostats that get connected with IoT devices could be hacked and manipulated with dreadful consequences.
Having a smart home paints an enticing image of comfort and convenience. As manufacturers build more and more Internet of Things (IoT) devices that incorporate with popular internet-based applications, many users see the value in purchasing such devices.
Ease of integration is one of the main reasons why users consider adding these products to their network of devices. But even as the ease of use can be tempting, these products can also be vulnerable to security issues that could lead to far-reaching problems.
Remember that many IoT devices are without even the most basic cybersecurity protections like a strong default password. You have to be aware of all the risks involved in using IoT enabled devices maybe avail the IoT security solutions available.