Cyber security in IoT: which devices are the most vulnerable and how to protect yourself?
The number of IoT devices available to the wide range of users is growing year by year. According to forecasts of Cisco IBSG, the number of devices connected to the Internet will reach 50 billion items by 2020.
Russian users must have already discovered the value of the potential market: smart watches and smart fridges are not new, and development companies often sell apartments with built-in smart home systems.
However, the IoT field is evolving meaning that it is exposed to the risk of hacking attacks. What cyber threats can a smart fridge pose and how dangerous are hacking attacks on connected cars? Read further in the article.
Why the IoT field is not secure?
Hacking attacks pose a threat to the IoT market due to three reasons: the lack of regulation, compatibility of devices, and innovation as such.
Thus, Russia lacks a legislative framework that would regulate the IoT market. For now, security baseline has not been defined for smart devices. In addition, there are no final legal grounds to trust IoT devices and IoT services.
CEO of Digital Rights Center Denis Lukash states, ‘The positive moment is that the act about telemedicine has come into effect. But if we talk about complex regulation or at least harmonization of standalone branches of law for IoT, this is not available. For now, we have only endeavors and attempts.”
The other side of the problem are manufacturers. In 2015, Hewlett Packard researched the security of IoT devices and found out that 70% of them had vulnerabilities related to login details, almost no encryption was applied, and some devices had problems with access authorization.
The issue of consumer IoT market’s security is critical, as most of IoT devices are bought for the period longer than 2–3 years. Martin Hron, security specialist at Avast, recommends that IoT companies paid more attention to the protection of their products.
Martin says, ‘Manufacturers should implement cyber protection solutions at the design stage. Most of changes should be introduced in hardware components.’
Which devices are most vulnerable?
DDoS attacks are some of the main problems of the modern IoT sector. DDoS (Distributed Denial of Service) attacks bring network resources out of service. In this case, all users of small household appliances from smart toasters to toilet seat lids are at risk of hacking attacks.
For example, during the Black Hat Conference, researchers from Trustwave told about the danger that users of SATIS smart toilets may face. According to them, the Android app used to control the smart toilet tank contained a fixed PIN code – 0000. Knowing it, hackers can remotely control the device.
Moreover, you don’t have to be a hacker to do that, as any Android smartphone can successfully control all toilet tanks within the radius of reach through SATIS app.
Apart from hacking household appliances, malefactors sometimes target larger machines, for example, connected cars. One of the first cyber-attacks against connected cars took place in 2015. At that time, the electronic onboard system of Jeep Cherokee suffered: hackers could remotely control windshield wipers, audio system, and the speed of the car.
How consumers can protect themselves against cyber attacks
However, the government and manufacturers are not wholly responsible for hacking attacks against devices. Users should take care about the integrity of their networks:
- to start with it is important to change password set by default: some manufacturers can do the same mistake as SATIS;
- not to make passwords similar to names of relatives and dates of birth, as they are simple to hack;
- to update firmware regularly;
- to protect routers (by using a closed Wi-Fi network, disabling WPS, using a complex password, etc.);
- to buy IoT devices only from trusted vendors that provide protection to devices.
Are Russian manufacturers of IoT devices ready to stand up against phishing and DDoS attacks? On March 27, IT Security Manager of Cisco Igor Girkin will highlight the issue at the Internet of Things Forum. The expert will share the experience of protecting gadgets against cyber-attacks and will tell about threats of unauthorized access through connected devices.