We should talk about IoT security
The digitization of the world is evolving, and with it the Internet of Things (IoT): smart devices that communicate with each other and undoubtedly make life easier for users. But IoT has a negative side that is often forgotten, and several cyber attacks in recent months have shown the danger present on the internet. But is it really easy to hack an IoT device?
Basically speaking, yes, it's simple. Once cybercriminals have discovered vulnerable IoT devices, they just need to know how to hack the device, and that takes surprisingly "zero effort." The easiest way to hack a smart device is to brute-force the password or to use the factory default login data. It is clear that many manufacturers use the same default login data for all their devices for cost reasons, rather than setting a separate password for each.
What does the past teach us?
That IoT devices have never really been secure. And it is obvious that certain risks will intensify. One of the worst threats on the Internet of Things in the past two years has been the Mirai botnet, which infected thousands of smart devices by using standard logins and triggered massive DDoS attacks with them. Cheap Chinese products such as webcams have been shown to be among the most vulnerable IoT devices. Most of them are products that should be used, at most, in an isolated environment. Since the source code of Mirai was published, practically anyone can operate their own IoT botnet or rewrite the code arbitrarily, and numerous mutations of Mirai have therefore arisen. Other ways to infect an IoT device are much more complex, come at a high price, and are therefore less common. Reverse engineering the firmware or an operating system requires deep technical knowledge and an investment of time. However, it is exactly at this point that security strategies can be applied.
So what can be done about it?
One possible and effective solution to improve security in IoT would be to allow users to easily change the login data of their smart devices. This only helps against the cheapest methods used by cyber criminals, but these are also the most used. For example, manufacturers can "force" their customers to change the login data of their devices by making the entry of a unique and "strong" password a mandatory step in booting the device. Changing login data would significantly reduce the number of "vulnerable" devices and make it much more difficult for hackers and bots to get into IoT devices. Alternatively, IoT device manufacturers can assign a randomly generated unique password to each device and send it to the customer along with the device.
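Both measures described above, sketched as an added example (not code from this article or from any manufacturer): a factory-side generator for a unique per-device password, and a device that keeps its remote services off until the owner sets a password that passes basic checks. The `Device` class, the default-credential list and the thresholds are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed sample of factory-default pairs of the kind default-login bots try.
FACTORY_DEFAULTS = {("admin", "admin"), ("root", "root"), ("admin", "1234")}
DEFAULT_PASSWORDS = {pw for _, pw in FACTORY_DEFAULTS}
# No look-alike characters (0/O, 1/l/I), so a printed label is easy to type.
LABEL_ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def generate_device_password(length=16):
    """Factory side: a unique random password per device, shipped on its label."""
    return "".join(secrets.choice(LABEL_ALPHABET) for _ in range(length))

def password_problems(username, password):
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in DEFAULT_PASSWORDS or password.lower() == username.lower():
        problems.append("factory default or same as username")
    if len(set(password)) < 6:
        problems.append("too few distinct characters")
    return problems

class Device:
    """Hypothetical device model: remote services stay off until setup is done."""

    def __init__(self):
        self.salt = None
        self.pw_hash = None

    @property
    def services_enabled(self):
        return self.pw_hash is not None

    def _hash(self, password):
        # Store only a salted, slow hash of the password, never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def complete_setup(self, username, password):
        """Mandatory setup step: accept the password only if it passes every check."""
        problems = password_problems(username, password)
        if not problems:
            self.salt = secrets.token_bytes(16)
            self.pw_hash = self._hash(password)
        return problems

    def login(self, password):
        if not self.services_enabled:
            return False  # no factory account exists for a bot to guess
        return hmac.compare_digest(self._hash(password), self.pw_hash)
```
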
Alongside this, there is a small but growing group of consumers who are really concerned about the safety of these products, especially devices that listen to practically everything that is spoken within their range. The first major waves of attacks, such as the Mirai botnet attacks, attracted the attention of security experts. The average consumer is not yet aware of the range of these types of attacks. However, the pressure on manufacturers is growing and with it the demand for better security and data protection measures.
To ensure that passwords are changed frequently and that access is secure, robust processes and constant monitoring are required. InfraOPS provides IT monitoring and operation services that aim to meet this eminent market demand.