Mobile World Congress 2016 brought together a 100,000-visitor crowd to experience the latest inventions in VR, mobile, robotics and…connected devices. IoT has been on fire the whole week of MWC 2016 and has left us fascinated by the potential of connected devices and IoT. However, IoT certainly keeps some skeletons under the shiny hood.
The controversy with IoT is so deep that the government pays special attention to the subject through the Federal Bureau of Investigation to warn about the risks posed by the industry. Unsecured or weakly secured devices provide loopholes for cybercriminals to intrude into private networks and gain access to other devices and information attached to these networks. The easiest targets for cybercrime are devices with default passwords or open Wi-Fi connections.
There is quite a variety of examples of possible incidents related to IoT. At this stage, there is a lot of hype around the possibilities that the industry can unlock. However, along with that hype, the security can’t be ignored as there are reasons it may become one of the hottest industries by 2020.
Default passwords and open Wi-Fi
Cybercriminals can take advantage of gaps in the configuration of closed circuit television, such as security cameras used by private businesses or built-in cameras on baby monitors used in homes and day care centers. Undersecured systems can be identified by criminals and breached in order to expose the private life of a victim. Any default passwords should be changed as soon as possible, and the wireless network should have a strong password and firewall.
E-mail spam attacks
It may be surprising for some, but spam attacks are not sent only from laptops, desktop computers, or mobile devices. Home-networking routers, connected multi-media centers, televisions, and appliances with wireless network connections are also used by criminals to redirect spam e-mails and malware. The affected devices are usually vulnerable because the factory default password is still in use or the wireless network is not secured.
Connected automated devices
Unsecured wireless connections abound for automated devices (security systems, garage doors, thermostats, lighting). The gaps in the security systems of those devices allow criminals to gain control over the automated devices. Once the control is obtained, it doesn’t take much effort to access the home or business network and collect personal information or remotely monitor the owner’s habits and network traffic.
In fact, if in addition to unsecured wireless connection of automated devices the owner kept default passwords, any criminal can exploit devices to open doors, disable all security systems and gain access to anything in the house. Needless to say, criminals would be able to use house cameras to record audio, video and transmit through the Internet to interested groups.
Monitoring and sensory devices
Connected monitoring and sensory devices are also at high risk. Using the connection, the criminals could reset the monitoring device to ignore the sensors and indicate incorrect data (incorrect level of gas on a pump, for example).
Unprotected home healthcare devices
Devices that are used to collect and transmit personal monitoring data or time-dispense medicines can be hacked and gained access to by criminals. Once breached, those devices can provide access and control over any personal or medical information stored on the devices. Criminals are even able to change the coding controlling the dispensing of medicines or health data collection. Any devices capable of wireless connection expose the owner to the risk.
How to protect yourself from the risks?
The US government has serious concerns regarding the security of IoT, which has resulted in a list of recommended actions that can be taken to ensure personal safety.
- IoT devices need to be isolated on their own protected networks;
- Purchase IoT devices from manufacturers with a track record of providing secure devices;
- When available, update IoT devices with security patches;
- In case the device comes with a default password or an open Wi-Fi connection, it is necessary to change the password and only allow it to operate on a home network with a secured Wi-Fi router;
- Follow proven secure practices when connecting devices to wireless networks;
- Consumers of any healthcare devices with connectivity and wearables that monitor health data, should be aware of the capabilities of the device and make sure to secure them using best practices;
- Obviously, any passwords need to be as secure as possible and updated on a regular basis. Any default password is the first loophole for a criminal as it doesn’t take much effort to find the default passwords lists in the Web. In case a certain device doesn’t provide an option to change the password, users need to make sure that it has a strong password and uses strong encryption.