Addressing and Solving IoT Security Risks in Smart Devices

Can IoT Devices Be Hacked?

As a general rule, if something can connect to the Internet, it’s a security risk. So yes, an IoT device can be hacked. Since the Mirai botnet hit in 2016, cybersecurity professionals have increased their warnings to consumers about IoT hacks. IoT devices tend to have lower defenses than computers, laptops, or smartphones, so they’re an easy target for hackers.

According to a report from Unit 42, the global intelligence threat team at Palo Alto Networks, 98 percent of all IoT traffic is unencrypted. That means devices are exposing personal data to the networks they run on and allowing hackers to listen to traffic so they can gather and sell confidential data.

Not only can IoT devices be hacked, they’re low-hanging fruit for hackers. To protect yourself from cyber-attackers, you can make some simple changes.

The Biggest Security Risks with IoT—and How to Reduce Them

Brute-force attacks

The Unit 42 researchers saw that password and brute-force attacks were the most common against IoT devices. Many people fail to change default usernames and passwords when they get a new device. This makes them susceptible to brute-force attacks. Some companies have come under fire for not advising people to change the default password once they launch their device. The solution to password attacks is simple: change your login credentials on your new device. Choose a username or password that’s randomly generated and either write it down or keep it in a password manager.

Privacy issues

Hackers aren’t the only concern with IoT. Data privacy from the companies who manufacture the IoT device is also a pressing issue. While it might seem great to get daily reports of your heart rate, you should ask yourself where is that data going? Does the information you share on an IoT device stay with you, or does the company who made the device hold on to it? When Google bought Fitbit, it raised concerns about what Google planned to do with all the health and fitness data that Fitbit collects from its users. Before agreeing to let a company access your data, always read the privacy policy and terms of service. If it’s unclear what they do with your data, consider an alternative service or device.

No updates

The lack of testing or regular updates is another opening for hackers to exploit on IoT devices. Manufacturers often fail to provide updates for their devices. They tend to focus on pushing out new products rather than updating old ones. If your device includes firmware, it’s usually only for a limited period of time. Devices that don’t update, or experience downtime when there is an update, are more vulnerable to cyber-criminals. The only way to reduce this risk is to purchase a secure device in the first place. Ask the manufacturer about security and updates. If this information is unavailable, chances are the security for that device is weak.

Malware

IoT devices are targeted for their poor security, but aren’t the final destination for hackers. They’re often used as gateways to access a network to introduce malware. Hackers aren’t interested in taking over your toaster, but they might use your toaster’s connection to your home WiFi to gain access to your network. Once they’re in, they can introduce malicious code to launch further attacks or take over other systems. Malware threats include botnets, backdoor Trojans, worms, and ransomware.

In addition to solutions listed for these security threats, you can mitigate your malware risk by disabling unnecessary ports or services on IoT devices. Unused ports are a way hackers can get in. You can also disable Universal Plug n Play (UPnP) which makes your device discoverable on the Internet. Malware is stored in a device’s volatile memory, so shutting it off completely and switching it back on can erase potential malware that’s lingering.

Home invasions

IoT devices and other “smart home” technology can expose your home IP address. This could give away your residential address. If you run heating or lighting on IoT devices, hackers can access and monitor them to see when you’re away from home. They can also hack into your network and launch a ransomware attack, rendering parts of your home inoperable unless you pay the ransom.

How can you keep your home network secure? Updating passwords is a good start. You could also improve WiFi security by adding a wireless network for guests in your home and encrypting it withWi-Fi Protected Access or WPA. You should also avoid public WiFi if you’re accessing your home IoT network while you’re out. Changing the name and password of your router to something random can also keep your network secure.

IoT has become a critical data security threat for average consumers and it continues to do so. As long as this market keeps growing, hackers will search for ways to exploit these devices. If you want to use an IoT device, know the risks and take proper steps to protect yourself from cyber-attacks.