You might not be one of the two-thirds of Americans currently owning and utilizing IoT (Internet of Things) devices, so news on IoT security may not pique your interest or alarm you, but it should. IoT security affects you in more ways than you realize. With IoT quickly progressing, it’s not just the number of connected devices that are skyrocketing but the number of industries that are utilizing them is also increasing and shaping the way society functions. For example, IoT devices in the service industry are monitoring and controlling vital resources like water supply, natural gas, and electricity. With such a penetrative extent of connectivity in our daily lives, IoT has the potential to affect us in more ways (and not all good) than we could have imagined.
Malware and IoT security
Hackers can harness IoT vulnerabilities to overtake computer systems and affect even non-IoT owners in the form of botnets and network traffic hijacking. This is possible because there isn’t much difference between malware found in laptops or PCs and malware found in IoT devices. Malware is defined as malicious software that can take on the form of executable codes, scripts, and so on to infect a computer system. By their nature, IoT devices are simply internet-connected computers placed inside some kind of device, meaning IoT devices don’t get a free pass from exploitation. In fact, IoT devices may be even more vulnerable than personal PCs.
Due to their limited operating systems and processing powers, IoT devices are created and unleashed onto the market without the most advanced security practices in mind. As a result, malware and other types of exploitations are a major problem for IoT devices. In some cases, changing the default password might not even be an option, even if you wanted to, thus making them extremely susceptible to attacks.
DDoS, botnets, and more
Nowadays, it’s become a trend for hackers to target vulnerable IoT devices and use them to form a botnet, in most cases to carry out DDoS attacks. What’s more shocking is that users who own IoT devices may already be part of a botnet and not even know it. This scenario is not something new as we’ve seen it play out in the attack on the global DNS provider Dyn, in which hackers severely disrupted the Internet, bringing down mainstream websites and online services by hacking into digital cameras and DVR players.
This is just one of the many instances that show us how IoT hacking can affect regular users indirectly. Moreover, it isn’t limited to just botnet and DDoS attacks. Infected devices can also hack into local networks to monitor network traffic and disseminate this information to a third party without your permission. Furthermore, there is also the chance of IoT devices being used as proxies that “anonymize” traffic, allowing them to infiltrate your IP webcams or TV streaming boxes.
Hence, even if you don’t own an IoT device, many industries are using IoT devices, which means your privacy and sometimes even physical safety can be at risk. The medical industry for example often relies on IoT devices for testing, managing, and treating patients. And it’s the same old tale – default passwords account for the fall of the majority of medical IoT devices. Not to mention, critical public infrastructure, that we rely on for key necessities like water and electricity, are also susceptible to attacks. In a nutshell, whether you own an IoT device or not, users are indirectly affected to some extent as most have no control over the security measures in infrastructural IoT that we are subscribed to.
Future of IoT
It will be impossible to avoid IoT security forever. With connected cars already transforming the automobile industry, it’s estimated that 75% of cars shipped globally will be equipped with hardware and software that connect to the Internet. Already, we are seeing users having the ability to stream music, look up certain services besides navigation online, be alerted of traffic and weather conditions, as well as receive driving assistance.
Security for IoT should be a topic of concern for everyone, whether you own an IoT device or not. With the IoT market rapidly growing, more emphasis is being placed on the security aspect of these connected devices, but for now IoT devices should still be kept on a close watch due their inherent vulnerability and ability to indirectly affect the security of even non-owners.