Simply put, the Internet of Things (IoT) is the concept of connecting all types of things to the internet. To illustrate this concept, imagine the following scenario: you leave work and hop into your internet-connected smart car. As you are on your way home, it tells your internet-connected smart home heating system to turn on the heating. Your internet-connected smart fridge sees that you are running low on milk and, also knowing that you are on your way home, sends your internet-connected smartphone a message to pick up a carton from the shop. You arrive home and your internet-connected smart home security system detects that it is you and allows you to enter. As it does so, your internet-connected smart light and sound systems turn on the lights and start playing some relaxing music. In the kitchen, your internet-connected smart coffee maker brews you a hot cup of coffee, as your internet-connected smart TV switches on your favourite show.
It sounds wonderful, doesn’t it? And indeed it is! The IoT opens up endless possibilities and innovation, improving our lives in ways we had thought were confined to the realms of science fiction. Innovations to health care, environmental controls, fitness, traffic flow and more would be impossible without the IoT. However, there are also dangers to the IoT and before diving into the future, you need to be aware of them.
Have IoT threats really happened or are they just “theoretical”?
Unfortunately, examples of attacks made possible by the IoT are numerous and continue to escalate.
In 2016, the Mirai malware launched a DDoS attack on a well-known website. A DDoS, or Distributed Denial of Service, attack is a form of cyber-attack that aims to bring down an internet service by flooding it with traffic until it falls over under the strain. The source code was later released and, in October of that year, other cybercriminals used this code to take down domain registration services provider, Dyn.
What made Mirai so powerful was that it scanned the internet for particular types of connected IoT devices and, in cases where the username and password were not changed from the default, it was able to infect the device. Mirai then used these hijacked devices (thousands and thousands of them) to DDoS Dyn and bring it down.
To make matters worse, although the original authors have been caught, the code that was released continues to live on and is mutating into other forms.
A quick Google search will lead you to multiple articles citing examples of baby monitors being hacked. Baby monitors are a great example of a plug and play technology where security is often an afterthought.
Your Google search is likely to show articles and reports over the past decade with examples of poor security on baby monitors. And yet, the problem persists.
Over the past few years, smart TVs have become more and more common. In fact, they have become so common that it’s now almost difficult to find a TV that isn’t smart. While the user experience is very attractive, the connectivity that allows this also enables some unwanted threats.
Ignoring the significant privacy concerns, – which certainly are numerous and should be considered before bringing a smart TV into your home – the security on smart TVs is generally fairly poor. Manufacturers are not great at keeping firmware and software updated as they rush to get the next product out on the shelves. Smart TVs have two-way audio and video capabilities and there have been many incidents of hackers being able to change channels, adjust volume, play unwanted content, or issue instructions to Alexa through the smart TV. However, as sinister as this may seem, it can get a whole lot worse if the attacker can use the smart TV to gain access to your home router. At this stage, they pretty much have control over anything connected to the internet via the router in your house.
A smart car is essentially a computer on wheels and, as we know, computers can be hacked. To be fair to them, smart car manufacturers do consider security to a large degree; indeed, the consequences of not doing so are far too deadly. However, just as with computers, it is just not possible to pre-empt every single vulnerability and they are still vulnerable to zero-day attacks, or out of date software.
Internet of Things or Internet of Threats?
If you listen to the many horror stories circulating of hackers breaking into your baby monitor or taking control of your car as you speed down the motorway, you may well question the sanity of acquiring IoT devices at all. However, that’s only half the story. The IoT – the Internet of Things, not Threats – can be wonderfully useful and considerably improve our lives. However, we need to use these devices in the same way as we would an internet-connected computer. After all, that’s essentially what they are…internet-connected computers. When you use your computer, you wouldn’t dream of connecting to the internet without an up to date virus scanner and you would certainly change the computer password when you get it home from the shop (I hope!).
Over the years, we have been conditioned to think of security when using computers. We need to approach all connected devices with the same mindset.
So, what simple things can you do to help protect yourself?
- Change your Passwords – Change the default password on any connected device and change it to something strong. Use passphrases. There are hundreds of videos and online guides to help you create a strong and memorable passphrase. Where possible, use multifactor authentication.
- Update – Update your devices regularly. Many updates contain security patches. Having your devices set to automatically update is very useful in protecting against known vulnerabilities.
- Segregate – Segregate your networks. Many home Wi-Fi users already create multiple networks on their home Wi-Fi: one for themselves and one for visitors. Applying this approach to your IoT devices can really help protect other parts of your network. For example, your smart fridge could still be hacked but at least it would be on a separate network to devices used for checking your bank account or email.
- Change default alert words – If you have smart speakers (e.g. Alexa) change the default alert word (“Hey Alexa”) to something only known to your family.
- Avoid Universal Plug and Play – Most smart devices have this feature, and it’s designed to be useful…but it’s not designed to be secure! The technology uses protocols that are prone to outside attacks. Turn this feature off!
- Avoid the cloud – Be wary of using cloud technology for IoT devices. Connecting to or from the cloud requires an active internet connection. This leaves a bigger window of opportunity for the connection to be hacked. If you can store your files locally, do so.
We are on the cusp of what many people are calling a new industrial revolution. Connected devices are numbering in the tens of billions within the next year or two alone. The opportunities for us are innumerable. But so are the opportunities for hackers. We need to venture into this brave new world with our eyes open. Embracing the IoT with security in mind can help us to fully maximise these opportunities and safely fuel the IoT revolution.