Why IoT requires a strong security posture
Amir Kanaan, Managing Director for Middle East, Tukey and Africa at Kaspersky on how the evolution and adoption of IoT makes people more vulnerable to attacks
While there are around 7.5 billion humans on the planet, the number of connected, Internet-enabled ‘things’ is set to reach 75 billion by 2025. Known in the industry as Internet of Things (IoT) devices, this array of gadgets, monitors, sensors and controllers is finding its way into every aspect of our existence.
An IoT device is anything that can be connected to the Internet, communicate with other objects on the net and be controlled remotely. What has changed rapidly in recent years, is the variety of devices that can match the above criteria and the dangers that the owners of these devices can face.
In an industrial and urban setting, IoT devices collect lots of data. While some of it may not have value, much of it will relate to social performance and health & safety issues. This information can help save lives, improve the performance and safety of industrial machinery and help with crowd and traffic control; however, it can also damage the reputation or even impact your health if it ends up in the wrong hands.
Hacked IoT devices can be used for DDoS attacks, channelling the combined power of lots of, for instance, Wi-Fi routers to flood and bring down a server. That was exactly what the infamous Mirai botnet did, when it took down dozens of the world’s largest web services nearly a year ago. Botnets can not only make use of Internet-connected smart devices, but can also spy on a smart webcam owner once they are hacked.
The European Telecommunications Standards Institute (ETSI) has recently attempted to set a standard for consumer IoT security. Its 13 provisions attempt to set guidelines on-device security, storage and transmission of personal data, OS updates, installation and documentation. Other regions are also attempting to set regulations in order to capitalize on the power of IoT devices safely. Consumers also play an important role here and the ones who really do want to embrace the Internet of Things are advised to proceed with caution and do what they can to keep their devices secure.
To secure your interaction with IoT devices, Kaspersky strongly recommends that users follow some common best practices:
- Change the default password on your IoT device: such connected devices are usually sold with basic and generic user names and passwords.
- Always update your connected device’s OS when new updates are available: companies usually introduce security patches and bug fixes with every update.
- Unplug abandoned devices, it is also advised to stop using a device if it shows any odd behaviour such as rebooting or turning on by itself.
- Be sure to find out what your IoT device maker’s data collection policies are. If they don’t seem to have a policy, steer clear. If they do have one, try to opt-out of any aspect of it you may be uncomfortable with.
- Most smart devices manufactured today have a feature called Universal Plug and Play (UpnP), which allows devices to see each other on the network. Once these devices are connected, they can continue to communicate easily with each other. That means, of course, that one hacked device can become the gateway to all the other devices on the network. Unless you have a good reason to keep certain devices connected, disable this feature on everything on your network.
- Consider enabling two-factor authentication on any software that manages IoT devices. This will make it more difficult for rogue actors to access and hijack the devices.
- You should be wary of IoT devices and public Wi-Fi networks, especially if you are a user of wearables. If you’re in a public space and your devices are set to automatically connect to Wi-Fi, you may be exposing your data to everyone else on that network. So, avoid networks that don’t ask for a password and set your devices so they don’t try to connect to public Wi-Fi by default.
- If you have sufficient tech expertise or have access to it, create a separate Wi-Fi network for guests and other third parties. That way, the number of people with potential access to your IoT devices is restricted.
As with every other connected piece of technology, IoT devices can never be 100% secure. By taking a few practical steps, however, you can greatly reduce your chances of being the next victim of an IoT device hack.