Censys: The World of Attack Surface Management
The Internet of Things (IoT) is one of the most exciting components of the evolving technology landscape. Today, we’re seeing the arrival of tools that can communicate seamlessly with other machines to simplify the way we live and work. IoT is gradually becoming more ubiquitous, whether that's in autonomous cars or smart security apps. This year, Gartner believes that we’ll see a 20% increase in the IoT market. What’s more, as more people continue to experiment with the value of connected devices, it’s becoming increasingly easy to see how IoT could change the world that we’re living in. However, one of the most pressing issues surrounding IoT is the security considerations it comes with. What are the main security challenges that we’ll need to overcome to embrace the full benefits of this technology?
Finally, another major risk of IoT devices is the potential for cryptomining. Mining cryptocurrencies requires a huge amount of GPU and CPU resources. To access the bandwidth that they need, some hackers are infecting large numbers of IoT bots to mine currency. Although the aim of this attack isn’t to harm any company, it can cause serious problems for the businesses that are running their own IoT tools. IoT botnet miners also pose a significant threat to the crypto market. If they’re allowed to operate freely, these miners have the potential to disrupt an entire market with just one attack.
Rogue IoT Devices
As the number of IoT devices increases, the risk of 'rogue' technology is higher than ever. Rogue devices and counterfeit IoT products are beginning to appear in a number of secure networks without authorisation. For instance, rogue IoT devices can take the form of Raspberry Pi products, which can be made easily into rogue access points, video cameras, or thermostats. Horror movies have even been inspired by the idea that digital devices could act in ways that we don’t expect due to rogue programming and technology.
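One way to surface the unauthorised devices described above is to compare what the network sees against an approved inventory. The following is an added example, not part of the original article; the log format, the inventory, and the function name `find_rogue_devices` are assumptions, and the lease lines are constructed sample data.

```python
import re

# Assumption: approved inventory keyed by MAC address (constructed sample data).
AUTHORISED = {
    "00:1a:2b:3c:4d:5e": "lobby-thermostat",
    "00:1a:2b:3c:4d:5f": "dock-camera-01",
}

# MAC prefixes (OUIs) assigned to Raspberry Pi hardware; extend from the IEEE registry.
WATCHED_OUIS = {"b8:27:eb": "Raspberry Pi", "dc:a6:32": "Raspberry Pi",
                "e4:5f:01": "Raspberry Pi"}

# Constructed DHCP-style lines: timestamp, MAC, leased IP, client hostname.
SAMPLE_LEASES = """\
2024-05-01T09:00:12Z 00:1A:2B:3C:4D:5E 10.0.8.21 lobby-thermostat
2024-05-01T09:03:40Z B8:27:EB:12:34:56 10.0.8.77 dock-camera-01
2024-05-01T09:05:02Z 00:1A:2B:3C:4D:5F 10.0.8.22 dock-camera-01
2024-05-01T09:07:55Z 02:00:00:AA:BB:CC 10.0.8.90 unknown-host
malformed line
"""

LEASE_RE = re.compile(
    r"^(\S+)\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)\s+(\S+)$")

def find_rogue_devices(lease_text, authorised=AUTHORISED):
    """Return one finding per lease whose MAC is not in the approved inventory."""
    findings = []
    known_names = set(authorised.values())
    for line in lease_text.splitlines():
        match = LEASE_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not lease records
        seen_at, mac, ip, hostname = match.groups()
        mac = mac.lower()
        if mac in authorised:
            continue
        reasons = ["mac-not-in-inventory"]
        vendor = WATCHED_OUIS.get(mac[:8])
        if vendor:
            reasons.append("watched-oui:" + vendor)
        if hostname in known_names:
            # An unknown MAC announcing an approved device's name deserves priority.
            reasons.append("hostname-impersonates-approved-device")
        findings.append({"mac": mac, "ip": ip, "seen_at": seen_at,
                         "reasons": reasons})
    return findings
```

MAC addresses and hostnames are client-supplied and can be changed, so an inventory match is a first-pass filter rather than proof that a device is the approved one.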
Data Integrity in Healthcare
In the world of IoT, data is constantly on the move. Within a business environment, data is constantly transmitted, processed, and stored. Most IoT devices collect and extract information from the external environment. They connect to things like televisions, thermostats, and even medical devices. Sometimes, these devices also send data to the cloud without using encryption. The result of a lack of encryption is unauthorised access to medical IoT devices. A controlled medical device in the IoT landscape could be used to send fake signals, putting patients at risk. For instance, St Jude’s implantable cardio devices gave hackers access to digital pacemakers. This meant that hackers could alter the pacing of the device, deplete the batteries, and more.
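The fake-signal risk described above is an integrity problem: the receiver has no way to tell a genuine reading from an altered or replayed one. The following is an added example, not part of the original article, showing a receiver that accepts a reading only if it carries a valid per-device HMAC and a fresh counter; the device name, key, message layout, and function names are assumptions. It does not provide confidentiality, which still requires an encrypted transport such as TLS.

```python
import hashlib
import hmac
import json

# Assumption: one secret per device, provisioned out of band (constructed value).
DEVICE_KEYS = {"pump-17": b"constructed-demo-key-not-for-production"}

def sign_reading(device_id, counter, reading, key):
    """Device side: serialise the reading canonically and attach an HMAC tag."""
    body = json.dumps(
        {"device": device_id, "counter": counter, "reading": reading},
        sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class TelemetryVerifier:
    """Receiver side: reject forged, altered, or replayed readings."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter accepted per device

    def accept(self, message):
        """Return the reading if the message is authentic and fresh, else None."""
        try:
            body = message["body"].encode()
            fields = json.loads(body)
            device, counter = fields["device"], fields["counter"]
            key = self.keys[device]
        except (KeyError, ValueError, AttributeError, TypeError):
            return None  # malformed message or unknown device
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        supplied = str(message.get("tag", ""))
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return None
        if not isinstance(counter, int) or counter <= self.last_counter.get(device, -1):
            return None  # replayed or out-of-order message
        self.last_counter[device] = counter
        return fields.get("reading")
```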
Unlike the human element in lack of awareness, password hygiene is often down to complacency. Many of us reuse the same passwords or choose those that are easily memorable, but therefore low in strength. Weak passwords in any setting are like leaving the door wide open for an attack, but this is especially so for IoT-connected devices. Some IoT devices come equipped with default passwords, which give a false sense of security. Users must quickly change these passwords to something difficult to guess, and change them often thereafter.
A single IoT device that has a malware infection won’t always be a huge threat. Often, it’s a collection of infected devices that pose the biggest problem. To perform botnet attacks, hackers create an army of bots that are infected with malware. These bots then send thousands of requests to a target piece of technology. An attack like this occurred in 2016. After the Mirai bot attack, a number of companies questioned how secure IoT could really be. Many IoT devices are highly vulnerable to malware attacks; they don’t have the same consistent updates that a regular computer has, so they can quickly become infected.
Absence of a Robust Design
The lack of 'physical hardening' on an IoT device could also prompt significant security issues. Although some IoT devices can operate without user intervention, they need to be secured and protected from outside threats. Sometimes, these devices can be located in remote environments for long periods of time, gradually gathering data through beacons. However, if a piece of hardware can be broken into physically by a cybercriminal, then the data within could also become accessible. Users and manufacturers alike need to work at keeping IoT devices physically secured in all environments.
Eavesdropping and Espionage
If hackers can gain access to your IoT software, the outcome could be very dangerous. For instance, hackers that tap into IoT devices could potentially get access to sensitive data. These criminals could then hold that data for ransom, refusing to give companies access until they pay a huge fine. Even if your IoT technology isn’t used in a ransomware attack, hackers could take over cameras and speakers to spy on individuals and businesses. Remember, many IoT devices can record information, and losing control over that information could quickly lead to problems like corporate eavesdropping and espionage.
Another source of IoT security problems is device update management. Although manufacturers can sell devices with the latest software already up and running, it’s inevitable that new vulnerabilities will be exposed over time. Regular updates are crucial for maintaining security on all IoT devices. Unfortunately, it’s hard for any manufacturer to ensure that end-users continue to update their devices after purchase. Additionally, many businesses can get so caught up in producing the next big piece of tech that they forget to roll out the right updates for the solutions they already have. Any gap between a security issue being found in a piece of IoT software and an update patch being applied could lead to a huge data leak.
Lack of Awareness
Human beings are often at the heart of many cybersecurity issues. When a customer doesn’t know how to use a device safely, their risk of accidentally exposing themselves to dangers is much higher. Over the years, consumers have gradually learned how to avoid phishing and spam emails, perform virus scans on their PCs, secure WiFi networks, and more. However, IoT is a new technology and something that a lot of people don’t really know much about. While most of the risks with IoT security are still on the manufacturing side, people using their tools incorrectly can also present huge threats. Before anyone embraces IoT – be it a consumer or a business – they need to know how to protect themselves.
Insufficient Testing and Compliance
One of the biggest challenges companies face when embracing IoT is determining whether a piece of technology has been properly tested for compliance. An estimated 60 billion connected devices will be on the market by the end of 2025. However, most manufacturers are so keen to get their innovations out on the shelves that they’re not taking testing and compliance into account. The result is often things like fitness trackers that stay connected to Bluetooth credentials after use and smart refrigerators that can expose login credentials for email addresses. Going forward, manufacturers need to ensure that every device is properly tested and equipped with the right privacy technology before it goes out into the public.