There is a well-known joke among security professionals:
Q: “What does IoT stand for?”
A: “Internet of Threats.”
Sadly, this joke is our reality.
An estimated 20.4 billion Internet of Things devices will be deployed by 2020, according to Gartner, in what some have dubbed “the fourth industrial revolution.” These connected devices are being manufactured to streamline everything we do. Smart fridges will be capable of ordering groceries when we’re running low, for example, and smart desks will alert us when we’ve been sitting too long.
While there is vast opportunity for IoT to improve both our personal and professional lives, there’s an equally vast opportunity for bad actors to exploit vulnerabilities in connected devices.
Most of us, without thinking twice, assume that privileged access and configurations around our current IoT devices will stay the same; however, failing to acknowledge or scan for new developments could be a fatal mistake.
Overlooking new security measures that would further improve security for IoT devices could result in exposure to malicious attackers and the growing cybersecurity threat landscape.
In the world of manufacturing — where shaping up and shipping out the next best product as fast as possible is the name of the game — security is commonly, and disturbingly, an afterthought.
How Unsecure Is Your IoT Device?
One of the biggest security concerns, when it comes to IoT devices, is unauthorized access. Unbeknownst to the everyday user, each device can act as an entry point into a network. Leaving them unsecured could create a large and unmanageable attack surface.
The Mirai botnet malware attack, which struck two years ago, showed just how high IoT risk really is. To carry out the attack, hackers gained access to millions of routers and IP cameras through hardcoded default passwords, like admin/password or root/1234.
They then created a botnet leveraging the hijacked cameras to conduct a coordinated DDoS (distributed denial of service) attack that rendered much of the Internet inaccessible on the United States’ East Coast.
More recently, VPNFilter malware targeted IoT devices, infecting SOHO (small-office-home-office) routers through well-known software vulnerabilities.
The malware hijacked network flows going through the routers and featured a kill-switch capable of destroying the routers’ software.
“Who cares about SOHO routers?” you might…