Skip to content

IoT: How to Deal with the Internet of Threats

Beautiful young woman in the city with smart phone, smartwatch and earphones, listening music. Using a fitness app for tracking weight loss progress, running goal or summary of her run. Rear view.

The Internet of Things, or IoT, has become one of the most convenient—and dangerous—ways for consumers to connect to the Internet. IoT is the network of devices, or “things,” that communicate and send data via the Internet. When people refer to IoT devices, they’re typically leaving out smartphones, tablets, and computers. IoT more commonly refers to items that haven’t been traditionally connected to the Internet, like toasters, refrigerators, printers, or thermostats. These days, almost anything can be connected to a network—from water filters and decanters to salt shakers and egg minders.

IoT devices have exploded in popularity in the last several years for the convenience they provide. These devices might make our lives easier, but are they safe?

Can IoT Devices Be Hacked?

As a general rule, if something can connect to the Internet, it’s a security risk. So yes, an IoT device can be hacked. Since the Mirai botnet hit in 2016, cybersecurity professionals have increased their warnings to consumers about IoT hacks. IoT devices tend to have lower defenses than computers, laptops, or smartphones, so they’re an easy target for hackers.

According to a report from Unit 42, the global intelligence threat team at Palo Alto Networks, 98 percent of all IoT traffic is unencrypted. That means devices are exposing personal data to the networks they run on and allowing hackers to listen to traffic so they can gather and sell confidential data.

Not only can IoT devices be hacked, they’re low-hanging fruit for hackers. To protect yourself from cyber-attackers, you can make some simple changes.

The Biggest Security Risks with IoT—and How to Reduce Them

Brute-force attacks

The Unit 42 researchers saw that password and brute-force attacks were the most common against IoT devices. Many people fail to change default usernames and passwords when they get a new device. This makes them susceptible to brute-force attacks. Some companies have come under fire for not advising people to change the default password once they launch their device. The solution to password attacks is simple: change your login credentials on your new device. Choose a username or password that’s randomly generated and either write it down or keep it in a password manager.

Privacy issues

Hackers aren’t the only concern with IoT. Data privacy from the companies who manufacture the IoT device is also a pressing issue. While it might seem great to get daily reports of your heart rate, you should ask yourself where is that data going? Does the information you share on an IoT device stay with you, or does the company who made the device hold on to it? When Google bought Fitbit, it raised concerns about what Google planned to do with all the health and fitness data that Fitbit collects from its users. Before agreeing to let a company access your data, always read the privacy policy and terms of service. If it’s unclear what they do with your data, consider an alternative service or device.

No updates

The lack of testing or regular updates is another opening for hackers to exploit on IoT devices. Manufacturers often fail to provide updates for their devices. They tend to focus on pushing out new products rather than updating old ones. If your device includes firmware, it’s usually only for a limited period of time. Devices that don’t update, or experience downtime when there is an update, are more vulnerable to cyber-criminals. The only way to reduce this risk is to purchase a secure device in the first place. Ask the manufacturer about security and updates. If this information is unavailable, chances are the security for that device is weak.

Malware

IoT devices are targeted for their poor security, but aren’t the final destination for hackers. They’re often used as gateways to access a network to introduce malware. Hackers aren’t interested in taking over your toaster, but they might use your toaster’s connection to your home WiFi to gain access to your network. Once they’re in, they can introduce malicious code to launch further attacks or take over other systems. Malware threats include botnets, backdoor Trojans, worms, and ransomware. 

In addition to solutions listed for these security threats, you can mitigate your malware risk by disabling unnecessary ports or services on IoT devices. Unused ports are a way hackers can get in. You can also disable Universal Plug n Play (UPnP) which makes your device discoverable on the Internet. Malware is stored in a device’s volatile memory, so shutting it off completely and switching it back on can erase potential malware that’s lingering.

Photo by John Tekeridis from Pexels

Home invasions

IoT devices and other “smart home” technology can expose your home IP address. This could give away your residential address. If you run heating or lighting on IoT devices, hackers can access and monitor them to see when you’re away from home. They can also hack into your network and launch a ransomware attack, rendering parts of your home inoperable unless you pay the ransom.

How can you keep your home network secure? Updating passwords is a good start. You could also improve WiFi security by adding a wireless network for guests in your home and encrypting it withWi-Fi Protected Access or WPA. You should also avoid public WiFi if you’re accessing your home IoT network while you’re out. Changing the name and password of your router to something random can also keep your network secure.

IoT has become a critical data security threat for average consumers and it continues to do so. As long as this market keeps growing, hackers will search for ways to exploit these devices. If you want to use an IoT device, know the risks and take proper steps to protect yourself from cyber-attacks.

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety

IoT: How to Deal with the Internet of Threats

The Internet of Things, or IoT, has become one of the most convenient—and dangerous—ways for consumers to…

[Read More]

What to Do if You’re Being Catfished

You meet someone online, but something doesn’t seem quite right. They seem to lead an abnormal lavish…

[Read More]

Everything You Need to Know About VoIP Phishing and How to Prevent These Attacks

VoIP (Voice over Internet Protocol) exists to help people with their voice-based communication using the Internet –…

[Read More]
The Amazing VPN

The Amazing VPN Is the Swiss Army Knife of Apps

If everyone knew how incredibly versatile a VPN is at protecting us online, nobody would go online...

[Read More]
Charles Ponzi

Ponzi Schemes: What Should You Know About These Investments Traps?

A Ponzi scheme in investment fraud characterized by using money from new "investors" to pay off original...

[Read More]

Security Conspiracy Theories That Might Actually Be Right

In today’s age of disinformation and fake news, conspiracy theories are running rampant. Some are small and…

[Read More]