IoT Devices vs Hackers: How to Be Safe in the Internet of Things
because of the IoT
The IoT (Internet of Things) has been changing the world for the last 10 years. Our daily life is much more easily connected to the network and we started being dependant on what our IoT devices can do for us. However, the lack of security in the IoT also opened the door for new threats.
During 2018, several cybersecurity companies such as Radware reported a dramatic increase in the use of IoT devices compared to previous years.
Not surprisingly, IoT has become one of the hackers' favorite targets. What will the IoT bring next? A new technological era or a new cyber battlefield?
In which environments the IoT is used?
Let's start trying to understand the dimension of the IoT. The Internet of Things is a giant network where objects with digital capabilities can send and receive data through the internet.
The IoT makes everyday objects trackable, controlled and upgraded remotely. In other words, the IoT is a kind of ecosystem where devices exchange information with or without human interaction.
In this context, the IoT has changed many scenarios of our daily life in many environments such as hospitals, schools, industries, and even our homes. Let's see some of the most interesting environments where the IoT is present.
The automation of processes within factories is evolving thanks to IoT. Today, fully automated factories work with machines equipped with sensors. Those sensors send data through systems that use the IoT to improve and calculate production development.
For example, Amazon uses IoT along with its packaging algorithm. The algorithm determines the size of the products to place them in appropriate packages. In this way, Amazon guarantees the use of the full capacity of its shipping trucks.
Smart houses have stopped being science fiction to become a reality. 20 years ago, it was hard to imagine that a fridge would be able to manage your food inventory to keep it fresh or do grocery shopping for you. Now, Samsung and other brands produce smart-fridges. And how about an air conditioning system that activates itself to regulate the temperature before you get home?
Medicine is one of the environments where IoT has great relevance. Today there are devices that can remotely monitor conditions such as diabetes and automatically provide the necessary dose of insulin in the patient. Also, some devices connected to the IoT are capable of monitoring the health of asthmatic patients, coagulation problems, hypertension, and many other diseases.
By being connected to the IoT, devices can assist patients with immediate diagnoses and even contact an ambulance in case of emergency.
Hosting services use the IoT as well. For example, smart locks allow AirBnB hosts to monitor remotely the entry and exit of their guests through digital keys.
Another example is the Hilton hotels. They use smartphones to allow their guests to make electronic check-in and control the temperature, lights, and the lock of the room.
IoT can change your daily life also in a sphere of transport. You probably know Tesla. The company is proud of saying that its smart cars are able to repair themselves remotely when the software fails. Also, they can schedule autonomously a visit to the mechanic. In the case of public transportation, the IoT allows real-tracking of buses, trains, trams and more.
IoT adoption in homes worldwide
A research of the current use of IoT devices worldwide conducted by Stanford University and Avast in 2019, reveals that about 40 % of households in the world have at least one IoT device. North America is the region with the most IoT devices: 66 % of homes are connected.
53 % of Western European homes have at least one IoT device and in Eastern European just 25 %. On the other hand, Asia concentrates the largest number of surveillance cameras connected to the network.
Another revealing fact is that although there are about 14 thousand manufacturers of IoT devices, just 100 vendors produce 90 % of the devices.
IoT device security: a major concern worldwide
As we have seen, IoT is becoming increasingly essential for industries. Every day, brands try to adapt to the IoT environment and new devices appear in the market.
However, according to Forbes 77 % of security experts and ITs consider that the manufacturers are not implementing enough IoT device security measures, especially the router producers. This is a major concern for security experts since most of the IoT devices work via WiFi.
One example is TP-Link, the major provider of home routers worldwide. TP-Link routers with FTP protocols have shown most IoT security vulnerabilities: more than 55% were found with FTP ports open for intrusion. As for HTTP protocols, 1.2 million routers were found with weak access credentials.
The infamous Mirai
Just a couple of years ago, Mirai, one of the most lethal botnets, managed to knock down a large internet portion by focusing its attack on the IoT. Due to the great vulnerability of various devices connected to the internet such as smart TV's, security cameras and even refrigerators, Mirai was successful using a simple code.
How hackers attack the IoT
According to Radware's report on the state of cyberattacks during 2018, they noticed that the increasing use of IoT devices pushed up the number of botnets launched by hackers.
Hackers have found in the IoT devices an excellent platform to orchestrate large-scale attacks because these devices always remain on and are rarely monitored; also their passwords are usually very weak. Thus hackers can hijack numerous IoT devices to build bot armies.
The number in denial-of-service attacks established new volume records during 2018 and the first half of 2019. Hackers have been using DDoS-as-a-Service tools, anonymous payment mechanisms, and IoT devices as zombies.
The predictions about IoT security are not very optimistic for the rest of 2019 and early 2020. According to experts from companies such as Avast, Ransomware, and Kaspersky, IoT could also be hijacked by ransomware.
But the problem of the vulnerability in IoT devices can be much more dangerous than hijacking the devices of an ordinary user. For example, with the browser Shodan, hackers can track any IoT device, from the most ordinary ones such as smartphones, refrigerators, and smart TVs, to security cameras and nuclear plants.
Shodan provides the exact location of any device connected to the Internet of things, including satellite and street view options for detailed searching. Know more about Shodan in our previous article.
IoT security predictions
According to Kaspersky, botnets attacks to the IoT will increase drastically this year. The cyber pirates will seek to hijack as many devices as possible to create swarms of bots also called Hivenets that allow them to attack the most vulnerable points of the network.
How to protect your IoT devices against a hacker intrusion
Results revealed by All Things: An analysis of IoT devices on Home Networks research are frightening. Most of all because of the sudden increase of IoT devices in the last two years in homes around the world.
On one hand, a large number of devices still use weak passwords via FTP and Telnet. Also, default HTTP passwords on the routers are rarely changed by users.
Although IoT security devices such as electronic locks are becoming popular, the most vulnerable devices are working appliances, media, and security cameras.
With this scenario in mind, it is necessary to think about protective measures to reduce the vulnerability of your connection to the IoT. Some of our recommendations to protect your devices are the following:
1. Be sure that your router supports the latest security protocol
All routers produced after 2006 should have a WPA2-AES protocol. The safest protocol at the moment. In theory, your network should be protected using that kind of encryption. This doesn’t mean that you will not be vulnerable to hackers, but it can reduce the chances to attack your home network. If you want to know more about security protocols, read our comparison article.
Another good practice is to change the default name of your router. This can make it difficult for hackers to identify what model router you use.
2. Set up a strong password
Yes, you can set up a password for your IoT devices. It is very important that you use a strong password with a combination of upper and lowercase letters, symbols, and numbers. For further information take a look at our article about the best practices to choose a strong password.
3. Disable UPnP
The Universal Plug and Play protocol is the most common protocol used in IoT devices, but also a gateway for hackers. If you want to reduce the hacker chances to kidnap your device, disable this option and connect your devices through a manual configuration.
4. Firmware updating
Don’t skip manufacturers patches! If you don't update the firmware regularly, your IoT devices can be exposed to the latest threats. You can turn on the automatic updating option in all your devices as soon as they detect new versions of the firmware.
5. Avoid public Wi-Fi connections to manage your IoT devices
If you use apps on your mobile phone to manage your home devices remotely, do not do it using a public Wi-Fi connection. That could be the perfect environment for hackers to capture your network.