Many people don’t realize that IoT (Internet of Things) devices are susceptible to the same, if not a greater, risk of cyberattacks compared to other internet-connected devices. The security vulnerabilities of Internet of Things devices are many — they can be used to directly attack the company which owns them, or they can be used as a tool in an attack on a third party. And by 2020, it is estimated that in North America alone there will be over 1.7 billion IoT connections, which means this issue will be on the rise unless something is done. Luckily, while the danger posed by these devices is real, it is something that can be addressed.
The same goes for sensors and devices on shipping trucks that keep track of speed, mileage, location, and braking. Even refrigerators are smart now, with the ability to alert users when certain items are running low or post messages on the door received from an app on a smartphone or tablet. Sensors, whether on a security camera attached to your doorbell or the Amazon Alexa you use to listen to music, all transmit data wirelessly over the internet in order to function responsively and correctly. And that means they can be a security risk.
Another thing to consider is how IoT devices can be used to spy on unsuspecting users. Referring back to security cameras, it is not outside the realm of possibility for someone to use IoT-enabled office security cameras to scope out the best time to break in. And that’s just one example of how a device that should be enhancing your security can be used to compromise it.
And when these IoT devices are designed, cybersecurity is not a major factor like it would be with a laptop, tablet, or smartphone. While users may see internet connectivity and data transmission to a phone or computer as a key feature, the manufacturers may view it as more of an add-on. This means any security features are likely minimal and are unlikely to have been thoroughly tested to determine if any vulnerabilities are present. Many times, vulnerabilities are not discovered until it is too late.
Because they seem so innocuous, IoT devices are typically not included in cybersecurity measures implemented by companies. This is compounded by the fact that vulnerabilities are difficult to patch and updates are hard to install. Add to that the fact that every IoT device connected to a network significantly enlarges the potential surface of attack and you have a recipe for disaster.
IoT – The Internet of Things
The internet is no longer just a system of connected computers and servers, but now includes “things” — everything from smartphones to microwaves. The term “Internet of Things” refers to this massive network of devices that all communicate through the internet. If you have security cameras with footage you can access via your smartphone or laptop, that’s an example of an IoT device.
The same goes for sensors and devices on shipping trucks that keep track of speed, mileage, location, and braking. Even refrigerators are smart now, with the ability to alert users when certain items are running low or post messages on the door received from an app on a smartphone or tablet. Sensors, whether on a security camera attached to your doorbell or the Amazon Alexa you use to listen to music, all transmit data wirelessly over the internet in order to function responsively and correctly. And that means they can be a security risk.
The Internet of Things is a Security Risk to You
There are numerous reasons why IoT devices pose cybersecurity threats. To begin with, IoT devices aren’t typically thought of as security threats, which means users aren’t wary of how they can be used by criminals. In Iran, a USB drive was used to upload the Stuxnet worm into the network of a nuclear power facility. From there, the worm sought out IoT centrifuges (which are key to the sustained and safe operation of the plant) and physically destroyed at least 1,000 of them by causing repeated malfunctions. When IoT devices are breached, they can cause real-world damage, not just “cyberdamage.”
Another thing to consider is how IoT devices can be used to spy on unsuspecting users. Referring back to security cameras, it is not outside the realm of possibility for someone to use IoT-enabled office security cameras to scope out the best time to break in. And that’s just one example of how a device that should be enhancing your security can be used to compromise it.
And when these IoT devices are designed, cybersecurity is not a major factor like it would be with a laptop, tablet, or smartphone. While users may see internet connectivity and data transmission to a phone or computer as a key feature, the manufacturers may view it as more of an add-on. This means any security features are likely minimal and are unlikely to have been thoroughly tested to determine if any vulnerabilities are present. Many times, vulnerabilities are not discovered until it is too late.
The Internet of Things is a Security Risk to Others
Many IoT users may not realize that their devices can be used as tools to launch a cyberattack on someone else. While a single device under the control of something like a botnet may not be a problem, thousands of them can bring down a website in a DDoS (Distributed Denial-of Service) attack. And who would suspect that the smart refrigerator in the office lunchroom could be used in a malicious attack?
Because they seem so innocuous, IoT devices are typically not included in cybersecurity measures implemented by companies. This is compounded by the fact that vulnerabilities are difficult to patch and updates are hard to install. Add to that the fact that every IoT device connected to a network significantly enlarges the potential surface of attack and you have a recipe for disaster.
