Why is the IoT a Threat to Internet Security?

May 26, 2017 | Views: 5776


The new wave of the internet is upon us. We are now in the era of the “Internet of Things” (IoT): sensors and devices that connect to the internet from your home IP. Does your fridge have a computer component that tells you the weather? What about a fridge that can connect to your mobile phone through an app? Yep, those fridges are IoT devices too. This wonderful new era, with all of the conveniences it gives us, comes with new challenges for security professionals.

Here are just a few of the questions you need to ask yourself as a security professional:

  1. How do we protect these devices?
  2. How do we check for vulnerabilities in the software?
  3. Where are these devices located, i.e., publicly reachable or in your corporate network?

What is the growing concern facing the home user, and why?

Take the example of the home user: this typical user wants a home security system because they want to monitor what happens in and around their home. They purchase a DVR with wireless cameras. They then set up the cameras to attach to their wireless home network (Wi-Fi). Then they allow access over the internet for the DVR (to record what the cameras catch). Here is where the problem starts, and this is what we have seen time and time again: some users (if not a majority of them) don’t think to change the passwords on the cameras or put an ACL in place to prevent unauthorized connections to the camera. Now, that home user has just contributed to the IoT issue. Look at what Mirai has done by scanning the internet for devices such as cameras with weak or default passwords in order to exploit them for use as a node on a botnet.

Now comes another issue, with the average home network itself. Most home users and some small businesses use consumer-grade “off the shelf” routers. Well, sorry to tell you, but most home routers from manufacturers like D-Link, Belkin, etc. have been found to have major security holes. If you don’t believe me, check it out here: http://www.wsj.com/articles/rarely-patched-software-bugs-in-home-routers-cripple-security-1453136285 The article offers insight into this big problem.

Unlike your operating system, which updates automatically, updating a router’s firmware is usually a manual process. This is not always an easy task, especially for a home user. Here is where the problem emerges: the manufacturers often do not patch the holes in the first place!

So add poor security practices to vulnerable equipment and a lack of awareness and you have trouble. This is a recipe for disaster, and we are starting to see the effects of it now that the last massive DDoS attack against Dyn was found to be traffic from many IoT devices. Check this link for a good article on the details of the findings.

In the end, IoT is here to stay, so we need to adjust our ways of thinking about security. Many of these issues were here before IoT, like the poor use of passwords and default settings. Poorly written software causing security risks has been around for a long time, but the difference now is that there is a huge number of devices. Now you usually have more wireless cameras and gadgets than computers. The vast number of devices is making attacks like DDoS exponentially more powerful.

How do we fix this?

  • Better security awareness for the home user
  • Better written software that is regularly checked and patched for holes
  • Devices that have a randomized default password, such as the MAC or serial, and that force the user to change the password before the device works

The above is a starting point but is not the only solution; every case is different.
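
A sketch of the last fix in the list, added here as an example and not taken from the article or from any vendor's firmware: a per-unit factory password plus a forced change before remote access works. The class, function names and policy values are assumptions, and it uses a random per-unit value rather than the MAC or serial itself, since a MAC address is visible to other hosts on the same network segment.

```python
import hashlib
import hmac
import secrets

MIN_LENGTH = 12  # assumed policy value for this sketch
KNOWN_DEFAULTS = {"admin", "password", "12345678", "666666"}  # constructed sample list


def _hash(password, salt):
    # Slow salted hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Device:
    """Hypothetical first-boot credential state for a camera or DVR."""

    def __init__(self, label_password):
        self._set(label_password)
        self.must_change = True  # remote services stay off until this clears

    def _set(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)

    def check(self, password):
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def change_password(self, old, new):
        if not self.check(old):
            return "denied: wrong current password"
        if new.lower() in KNOWN_DEFAULTS:
            return "rejected: known default"
        if len(new) < MIN_LENGTH:
            return "rejected: too short"
        if self.check(new):
            return "rejected: same as current password"
        self._set(new)
        self.must_change = False
        return "ok"

    def remote_access_allowed(self, password):
        # Video stream and remote admin only work after the forced change.
        return not self.must_change and self.check(password)


def provision():
    """Factory step: random per-unit password, printed on the device label."""
    label_password = secrets.token_urlsafe(9)  # 12 characters
    return Device(label_password), label_password
```

With this gate, a device exposed to the internet straight out of the box answers no remote login at all, even to someone who knows the label password.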

1 Comment
  1. Hi Sean,

    I was stating this way back last year on an IoT course in the UK, the biggest issues are User Awareness and Security.

    There was a story recently, about a vibrator that was an IoT device with a camera in it! I didn’t see the point of it myself, but they were hacked because all were dispatched with a password of “666666”. And they were Linux based!

    Good article by the way! +10 cybytes!

