The Internet of Things, referring to the network of internet-connected smart devices, has been a technological revolution. Used for everything from wearable devices to smart household items (connected scales, fridges and, yes, even toilets) to smart city infrastructure, the world of IoT has brought newfound smarts to life as we know it. While the term was coined in 1999, it’s only in recent years that the true implications of the IoT paradigm shift have really been felt.
Unfortunately, not everything that IoT has brought has been good news. Flaws in IoT infrastructure can make possible new kinds of cyber attacks — or fresh twists on old ones. Whether it’s credential stuffing attacks or massive DDoS attacks (and if you’re asking yourself what is DDoS, it’s an acronym standing for Distributed Denial of Service,) the results can be extremely damaging. At least, that’s the case for those without the right protective measures.
The risk of IoT attacks
IoT security is an increasingly big threat for those working within cyber security. With some 35.82 billion IoT devices reportedly installed worldwide, the Internet of Things is now firmly in the mainstream, transforming our once-dumb infrastructure into a vast network of connected devices.
But while the IoT is growing rapidly, what’s perhaps not expanding quite so quickly is awareness of all the potential security risks that accompany it. Whether it’s overreliance on default passwords or user failure to update firmware, IoT devices with questionable security measures represent a godsend to potential malicious hackers — and a potential migraine-grade headache for the rest of us.
Compared to someone taking over a person’s work or home computer, the threat of a smart light being hacked may not sound so bad, or else too abstract to really be considered at all. However, once an IoT device has been hacked it could be used to inflict all kinds of damage in the form of automated attacks.
When IoT threats strike
One good example (with bad repercussions) of a possible IoT hack is credential stuffing. Imagine, for instance, that a device is hacked and, due to improper security measures, it provides the attacker with cleartext passwords and usernames for that particular device. This information could then be used by an attacker to try and break into other accounts, supposing that the user recycles passwords and usernames elsewhere on the internet. If the idea of a hacker breaking into your smart light doesn’t scare you (it should!), then the fact that many users may use the same credentials for their smart light and, say, their internet banking service most certainly should.
Another form of attack that frequently involves IoT devices are DDoS attacks. In a DDoS attack, a website or online service is assaulted with a tidal wave of fake traffic emanating from sources all around the world. Where does this fraudulent traffic come from? In many cases, the answer may well be IoT devices. Such was the case with the Mirai botnet, which rose to prevalence in 2016, in which many tens of thousands of IoT devices were infected by hackers who scanned the web for open ports and attempted to access them using a list of common default passwords. The IoT devices were then taken over (affecting their performance) and used as zombies in large scale DDoS attacks.
This is just the tip of the iceberg when it comes to possible automated attacks that can be leveled at the Internet of Things. There are all kinds of ways vulnerabilities could manifest. Given the breadth of smart devices — from cars to medical devices — the effects could be anywhere from catastrophic to downright fatal.
Protect yourself from IoT threats
It’s therefore of the utmost importance that organizations avail themselves of the proper cyber security measures to defend against such attacks. Anti-DDoS and anti-bot protections are necessary for protecting against attacks by compromised IoT devices. Advanced bot protection tools are used to secure access points and analyze bot traffic to seek out harmful activity. They are able to spot malicious behavior and possible attacks wherever they rear their head — and take action accordingly.
The IoT continues to go from strength to strength. But users must be aware of the possible risks posed by these devices. While it’s important to perform due diligence to ensure that IoT devices are bought from reputable vendors, with good records when it comes to patching vulnerabilities, they should also take responsibility for protecting themselves and their users.
Doing this will mean that users get to take advantage of the very best that IoT devices can bring to their lives — which could be anything from health benefits (for instance, a wearable device that can spot unusual heart patterns) to cost savings (a thermostat that learns your habits and adjusts accordingly) to greater levels of convenience (a fridge that orders food you’re running out of.) Crucially, however, it will offer these advantages without any of the associated negative risks. Only once this is done will the world truly begin to benefit from the IoT revolution in earnest.