The Internet of Things (IoT) adds so much to your home comforts. By using smart devices which connect to the internet, you can make your coffee ready for when you get up and get your oven to heat your dinner up for when you get home. You can control the temperature and air quality, lock the doors, and even keep an eye on the house while you’re away all from your smartphone.
However, IoT also means that your fridge, coffee machine, heating system, and car all store personal data. In fact, every connected IoT device is a data collector. So, unless you want other people to know all about the way you live your life, you’ll need to secure each device. You’ll need to secure your network, but you’ll also need to ensure there are no weak links in the network by checking that each individual device is secure.
There are over 7 billion IoT devices out in the world today, and they present a tempting target for cybercriminals. If your home is wired, you need to protect it, and this article will explain how.
Potential risks to your IoT smart home
There’s not yet any global organization to define IoT device security standards. There’s relatively little regulation applied to IoT devices; the authorities are concerned that your fridge is electrically safe and energy-efficient, but they haven’t gotten around to worrying about whether it’s doing a good job of protecting your privacy.
Because the Internet of Things is growing so fast, there’s a lot of pressure on manufacturers to take advantage of that growth by getting as many products on the market as they can. Some devices are rushed out without paying adequate attention to IoT security issues. When devices are superseded by new products, manufacturers don’t always make much effort to support them with security patches. That’s a stark contrast to computer hardware and software, where you’d expect regular updates to address security vulnerabilities and improve operations.
But hackers are always busy and new threats are always emerging, so a five-year-old security camera or even a six-month-old smart TV could have a well-known vulnerability. That means even quite inexperienced hackers can find an exploit on the internet that they can then use to get into your network.
There have already been several cases of hackers managing to control webcams, cameras on laptops, and baby monitors. But a cybercriminal could also:
- access your heating and lighting systems to find out if you’re away from home.
- access your passwords or even your bank account through information you shared with a digital assistant like Amazon Echo through voice commands.
- get into your network through an IoT device and launch a ransomware attack making your IoT smart home unusable unless you pay up.
- use your devices as bots to deliver computing power for a DDOS attack, click fraud, or password cracking, or to send out spam or mine cryptocurrency.
The scale of botnets can be devastating. The Mirai botnet hacked into IoT devices as long ago as 2016 and managed to create a swarm of 100,000 hijacked IoT devices. Each device might have been weak in computing power, but put 100,000 together, and you’ve got some serious resources to work with.
Mirai used a classic vulnerability: the fact that owners had left the default factory usernames and passwords on the devices, making them easy to take over. It then launched a DDOS attack that brought down domain registration services provider Dyn.
Mirai’s original creators were tracked down and put behind bars. But Mirai is still mutating — and it’s still a threat.