There’s no doubt that IoT is becoming more and more of a reality with the evolution of technology. Now you can have home appliances such as light bulbs, ceiling fans, air conditioners, thermostats and CCTV cameras linked to your smartphone or tab or anything that has access to the digital world. While the scope of IoT is huge in fields such as manufacturing, transportation, medicine etc., IoT devices have made it into the market without the requisite security measures.
While having the potential to transform our lives in every sense of the word, it has more cons than pros at the moment, with security being a major flaw. Security threats are at an unimaginable scale. Imagine a hacker being able to unlock your house from anywhere or your webcam is used as a contributor to attack the power grid of a country. The implications are frightening.
We take a look at the top 6 security threats that IoT brings with it and the possible solutions at hand.
#1. IoT Ransomware gains ground
Thus far, IoT based ransomware has been used by hackers to lock owners out of their systems and demand a ransom in return to giving them access. But very soon, we will see IoT being used to steal encrypted data and capture footage – be it photos or videos. Hackers can then demand a ransom for returning the encrypted data or even demand cryptocurrency such as bitcoins.
There is also the possibility of various attack types being merged together. This could include DDoS (Dedicated Denial of Service), ransomware etc.
#2. Micro Security Breaches Reign Supreme
The most famous IoT malware of 2017 is, according to most people, the Mirai botnet. It was responsible for blocking access to websites such as Twitter and Netflix, among 1,200 websites in total. Mirai was a DDoS malware. But Mirai aside, another infamous security breach in the last year was Reaper. There were many Reaper-like attacks which flew under the radar but still caused a sizeable impact.
It is these apparently minor security breaches – those that don’t cause a huge enough stir to register as a malware or botnet worth countering – that cause huge dents insecurity. The security agencies don’t attach much importance to them as they’re busy addressing other attacks that target major websites. Hackers identify some vulnerabilities and take advantage of them but not in a manner that gets a wide recognition. By slipping under the radar, many such attacks have gone on to become huge ones.
#3. Attacks will target more IoT connected devices
IP cameras, smart locks, scanners, printers – any connected device could be a target of a hacking attempt. One of the most successful botnets of 2017 – Persirai, targeted IP (Internet Protocol) cameras.
Persirai had, according to records at TrendMicro, targeted more than a 1,000 IP cameras. But it was seen that more than 120,000 IP cameras were susceptible to the attack. These IP cameras had open ports that were used by the attackers. The attackers downloaded malicious code from the botnet server and executed it. They then launched a targeted DDoS attack or targeted other IP cameras.
Mirai and Persirai have proved that hackers are targeting more variety of devices to perform DDoS attacks. They try and identify vulnerabilities and since IP cameras use a Universal Plug and Play (UPnP) port, it was an easy weak link to exploit for the hackers.
#4. Devices with lax security
This point continues from where we left off on the last one. Many users use IoT devices with lax security, often using default passwords that were given at the time of product installation. Users should be wary of the security issue posed by this and use strong passwords for IoT connected devices.
Aside from network security, security of the device itself is important. It should be ensured that all electronic devices within the network have, preferably, a fingerprint or any other biometric scan feature. Otherwise, they should at least have a password of some kind. Also, users should disable UPnP on their routers to avoid being vulnerable to a Mirai or Persirai sort of attack.
#5. The Need For Code-Signed SSL Certificates
Malware can also be spread via software programs that are downloaded from the internet. That’s why it’s important to secure your website using an SSL certificate. With cybersecurity becoming a bigger issue every day, businesses are hiring security experts to prevent their sites and apps from being hacked.
IoT devices are capable of gathering huge amounts of data and if this data is to be secured, look no further than Code Signing Certificates. This specific category of SSL certificates was created keeping in mind the need to stress the importance of the trustworthiness of the source of information. Code-signed SSL certificates include the name of the developer or company and sometimes even a timestamp in the signature.
A code-signed SSL certificate instills a sense of trust in the end-user since the signature shows that the content in the site is both authentic and hasn’t been altered by any third party.
#6. Privacy in IoT
In the coming years, as IoT continues to expand and include all sorts of devices, privacy will become a major concern. Data privacy already is a concern for social media sites. Some of them have come up with data encryption which de-identifies the information, turning it into data that doesn’t make any sense to a third party.
In order to avert hacking attempts launched from private networks, IoT devices should be encrypted. The EU’s GDPR (General Data Protection Regulation) has caused a major stir among companies doing business in Europe. GDPR is a regulation aimed at protecting sensitive data of the common user.
So while EU-based companies are already tackling the privacy concern first-hand, businesses in other parts of the world also have to realize the significance of privacy. It’s important to safeguard information such as call logs, messages, IP address, location etc. of the user and this can be done by employing data encryption.