Keeping our families and homes safe is essential in this uncertain world we live in. I often find myself double checking my deadbolt, alarm, and lights before I leave home. Yes, I am one of those paranoid home owners that put the alarm stickers on every window, and of course, I make sure no newspapers are piling up in my driveway. As a conscientious homeowner, these physical security protocols have been ingrained in me but what about non-physical measures? In the Internet of Things, hackers are the new breed of cat burglars.
Do you leave you front door wide open?
A new cyberthreat is looming that is tantamount to leaving your front door open and that is IoT (Internet of Things). According to Gartner, IoT is exploding with estimates of 26 billion connected devices by 2020. Every appliance and technology manufacturer is scrambling to launch IoT devices that can seamlessly connect to the internet. Witness Samsung’s smart fridge at this year’s CES which includes a 21.5″ touchscreen on the front door if you need any further evidence. Think about the average home and the number of potential devices that can be connected to the internet; TV, cable box, dishwasher, refrigerator, clothes dryer, toaster, garage opener, security system, thermostat, smart locks, etc. All of these new devices are being built with provisions to connect to the internet so they each have their own IP address and thus are each targets for a hacker. All of these gadgets provide another level of control that is extremely convenient, but also give access to cybercriminals putting them inside our homes through our IoT devices. Last year, Forbes reported on potential entry point for hackers by way of the popular Nest thermostats. To date, there have been no reported incidents but IoT devices and breaches are all so new that it is only a matter of time before many products will be hacked.
What can hackers do if they get into our IoT devices?
When a hacker gets a piece of our personal information they have a better chance of compromising our identity. It is not the smart refrigerator connected to the internet that a cyberthief cares about, it is the backdoor in the IoT refrigerator that is connected to your home network. Once in your network, hackers have access to your personal computer where you do your banking, stock trading and many other private transactions. Access to your network also means malware can be easily planted on your computer allowing cyberthieves even more unfettered access to your data. This can even lead to extortion via ransomware. If someone demanded payment and I didn’t comply and suddenly my garage door opens and closes all night or my home alarm triggers in the middle of the night, it would get my attention.
Are IoT devices vunerable to hacks?
Part of the challenge in securing IoT devices is that they store personal data. Some IoT wearable devices such as the popular Fitbit are frequently worn between home and office so they connect directly to their company network upon arrival. This would theoretically allow attackers to target companies by first injecting unauthorized code into the user’s wearable device at their home which would soon be introduced into their workplace. Security concerns like these prick up the ears of Andrew Hay, director of OpenDNS Security Labs who writes,
“Early adopters sanctioning IoT use are likely considered fringe cases at this time. Underprepared companies will find they are unable to prevent the tech-savvy employee from bringing their latest toy into the office and connecting it to the network.” Read full piece by Stephen Lynch here.
Experts agree that as IoT adoption grows, there needs to be a set of standards that companies adhere to such as IPv6, but even more importantly, that IoT device providers test for security vulnerabilities before releasing products to market. There is no simple solution to securing IoT but security must be effective for IoT to ultimately achieve success and mass adoption in homes. If IoT devices are truly built with a security-focused approach, they would limit the amount of data being collected and encrypt that data to minimize risks. Fundamentally the internet is NOT secure so we cannot expect IoT devices to ever be 100% secure either. Until there is a security standard, each device maker or individual must choose the type and number of locks they wish to put on their IoT devices’ front and backdoors. Anything less is akin to leaving the front door wide open.
This post is sponsored by HPE’s Business Value Exchange