A new cyberthreat is looming that is tantamount to leaving your front door open, and that is the IoT. According to Gartner, the IoT is exploding, with estimates of 26 billion connected devices by 2020. Every appliance and technology manufacturer is scrambling to launch IoT devices that can seamlessly connect to the Internet. Think about the average home and the number of potential devices that can be connected to the Internet: TV, cable box, dishwasher, refrigerator, clothes dryer, toaster, garage opener, security system, thermostat, smart locks, etc. All of these new devices are being built with provisions to connect to the Internet, so they each have their own IP address and thus are each targets for a hacker. Last year, Forbes reported on potential entry points for hackers by way of the popular Nest thermostats. To date, there have been no reported incidents, but IoT devices and breaches are all so new that it is only a matter of time before many products are hacked.
What can hackers do if they get into our IoT devices?
When hackers get a piece of our personal information they have a better chance of compromising our identity. It is not the smart refrigerator connected to the Internet that a cyberthief cares about; it is the backdoor in the IoT refrigerator that is connected to your home network. Once in your network, hackers have access to your personal computer, where you do your banking, stock trading and many other private transactions. Access to your network also means malware can be easily planted on your computer, allowing cyberthieves even more unfettered access to your data. This can even lead to extortion via ransomware. If someone demanded payment and I didn’t comply and suddenly my garage door opens and closes all night or my home alarm triggers in the middle of the night, it would get my attention.
Are IoT devices vulnerable to hacks?
Part of the challenge in securing IoT devices is that they store personal data. Some IoT wearable devices such as the popular Fitbit are frequently worn between home and office so they connect directly to the company network upon arrival. This would theoretically allow attackers to target companies by first injecting unauthorized code into the user’s wearable device at their home, which would soon be introduced into their workplace. Security concerns like these prick up the ears of Andrew Hay, director of OpenDNS Security Labs who writes,
“Early adopters sanctioning IoT use are likely considered fringe cases at this time. Underprepared companies will find they are unable to prevent the tech-savvy employee from bringing their latest toy into the office and connecting it to the network.” Read the full piece by Stephen Lynch here.
Experts agree that as IoT adoption grows, there needs to be a set of standards that companies adhere to such as IPv6. But even more importantly, IoT device providers must test for security vulnerabilities before releasing products to market. There is no simple solution to securing the IoT, but security must be effective for the IoT to ultimately achieve success and mass adoption in homes. If IoT devices are truly built with a security-focused approach, they would limit the amount of data being collected and encrypt that data to minimize risks. Fundamentally, the internet is NOT secure, so we cannot expect IoT devices to ever be 100% secure either. Until there is a security standard, each device maker or individual must choose the type and number of locks they wish to put on their IoT devices’ front and backdoors. Anything less is akin to leaving those doors wide open.
Scott has lectured and presented extensively regarding cybersecurity and corporate espionage at numerous conferences around the globe. He has recently overseen the development of several cell phone detection tools used to enforce a “no cell phone policy” in correctional, law enforcement, and secured government facilities. He is regularly interviewed for leading national publications, and major network television stations including Fox, Bloomberg, Good Morning America, CNN, CCTV, CNBC, & MSNBC. He is the author of “Hacked Again” and writes, “In a modern digital world no one is safe from being hacked, not even a renown cybersecurity expert.”