After years of marketing hype, it seems the much-heralded Internet of Things (or IoT to those in the know) has finally arrived. From washing machines and heating systems that can be controlled from your smartphone, to doorbells that learn to recognise regular visitors and broadcast suspicious activity, more and more of us are upgrading our homes with internet-enabled devices. But have we stopped to think about the cybersecurity of this new technology?
One expert isnt convinced weve thought it through. Mikko Hypponen is chief research officer for the Finnish digital security company F-Secure. Having observed the rise in IoT devices, hes coined a new maxim to alert consumers to their potential dangers: if its smart, he says, its also vulnerable. Its a pessimistic rule, he tells me during a stopover in London ahead of an industry speaking gig but its a true one too: the more connectivity we add to our homes, the more vulnerability we create.
The big risks for IoT devices fall into two broad categories, he explains both of which are already being exploited by cyber-criminals. The first and more obvious vulnerability is that smart devices might serve as a backdoor into our home networks, allowing hackers easier access to our laptops and smartphones and all the valuable information (from passwords to credit cards) that entails. In cybersecurity circles, the examples are already becoming legendary: like the Las Vegas casino that reportedly had its high-rollers database stolen by hackers who entered the network via a smart fist-tank.
Smart devices like fridges and doorbell cameras are typically the weakest link in your home network, Hypponen says. Its a problem compounded by the fact that buyers are rarely encouraged to take even the most basic of safety precautions such as changing the devices password from its default setting. Along with other new technologies (in particular cryptocurrencies like Bitcoin that allow for untraceable payments) its led to a spike in ransomware attacks, where hackers render computers useless until the user sends them a large sum of money. One of the most famous ransomware viruses was the Wannacry malware, which infected NHS computers in 2017 apparently at the instruction of North Korea.
So what can owners do to protect their own devices and their wider home networks against attack? One obvious step, according to F-Secure, is to ensure your WiFi network is as secure as possible. That means changing its name (thus making it difficult for hackers to identify its make and model and, from there, its security flaws), using WPA2 encryption, and ensuring you use a secure password. As for IoT devices themselves, owners should be sure to change the default password and also look at disabling certain features like Universal Plug and Play which make it easier for hackers to exploit their vulnerabilities.
While ransomware attacks are on the rise, Hypponen is also interested in a newer form of cyber-crime which targets the next wave of smaller IoT devices like toasters and hairdryers which connect directly to the internet using 5G. Hang on a minute, I ask. Who needs an internet-enabled toaster? Well, no-one, admits Hypponen. Yet he simultaneously predicts that, as internet-connectivity becomes cheaper and cheaper, it will soon be impossible to buy toasters that dont connect to the internet.
How so? The reason is that toasters arent going online to provide new functionalities to the customer: instead theyll be providing manufacturers with real-time data on exactly how the device is being used. This kind of mass data is extremely valuable to manufacturers, allowing them to continuously improve their products, but it also makes devices vulnerable to cyber attack particularly given many use only the most basic encryption and dont always allow users to change their settings. In the past year, Hyponnen says, hes seen more cyber attacks on IoT devices than Windows computers.
Given these devices arent usually connected to your home network (they access the internet directly through tiny 5G chips), the aim isnt to get hold of your personal data. Hackers want to recruit your devices into their botnets vast swarms of captive IT addresses that can be used to attack internet servers by sending an overwhelming flood of nonsensical data. In 2016, millions of such devices across the world were harvested in the Mirai botnet, which managed to take down websites from Twitter to the BBC, and Spotify to FoxNews. It remains one of the largest cyber-attacks of recent history.
So whats the solution? Hypponen says that industry has been slow to act partly because consumers dont suffer directly if their devices are targeted. During the Mirai attack, I called one office because we could see that a heat pump in their network was part of the botnet, he says. I asked them do you own this particular model of pump? Well are you aware its being used to help take down half of the internet right now?. He says that the company was fascinated to hear about the botnet, but werent particularly motivated to spend their own money to secure their devices. Of course many more wont even know the breach has taken place: a study by the Dutch digital security firm Gemalto found that less than half of businesses were able to identify when an IoT device had been hacked.
Hypponen contrasts the approach taken by both government and industry to cybersecurity with the more established approach to consumer safety. If you buy a washing machine, you can be certain its not going to catch fire or give you an electric shock as we certify those things, he says. But theres no regulation at all on whether the machine might end up revealing your WiFi password to hackers. Though that might be changing: the UK government has begun consulting with experts and industry on how to develop appropriate safeguards, while Finland has just become the first country to introduce a government-backed quality stamp for those products which meet basic cybersecurity standards.
With around a quarter of British homes already using smart devices and another 40 per cent saying they would consider buying one in the next five years its an issue which wont be going away any time soon. Something to keep in mind when youre eyeing up your new toaster.
- Security of online voting questioned | News, Sports, Jobs - The Daily Times - February 16th, 2020
- This may be the last piece I write: prominent Xi critic has internet cut after house arrest - The Guardian - February 16th, 2020
- An Alternative to Windows 7 - Budapest Business Journal - February 16th, 2020
- North Koreas Internet Use Surges, Thwarting Sanctions and Fueling Theft - The Indian Express - February 16th, 2020
- Microsoft Patch Tuesday fixes IE zeroday and 98 other flaws - We Live Security - February 16th, 2020
- 'More guidance and regulation': Zuckerberg requests government rules on 'what discourse should be allowed' - Washington Examiner - February 16th, 2020
- Internet of Things (IoT) Security Product Market: Development Factors and Investment Analysis by Leading Manufacturers 2018 2026 - TechNews.mobi - February 16th, 2020
- Our personal health history is too valuable to be harvested by the tech giants - The Guardian - February 16th, 2020
- Cyber Security Today The latest FBI Internet crime report, adware on the rise, attacks on Wi-Fi and more - IT World Canada - February 15th, 2020
- Indias proposed internet regulations can threaten privacy everywhere - The News International - February 15th, 2020
- Antivirus Is Not Enough in 2020: Here is Why - laprogressive.com - February 15th, 2020
- FBI: Cybercrime losses tripled over the last 5 years - We Live Security - February 15th, 2020
- AIoT Convergence of Artificial Intelligence with the Internet of Things - EnterpriseTalk - February 15th, 2020
- Indias proposed internet regulations could threaten privacy everywhere - The Verge - February 15th, 2020
- Global Internet of Things (IoT) Security Market Key Players, Share, Trend, Segmentation and Forecast to 2026: Cisco Systems, Intel Corporation, IBM... - February 15th, 2020
- Romance scammers stole $475m last year. Here's how to spot them - Verdict - February 15th, 2020
- Safer Internet Day 2020 Together for a better internet - Security Boulevard - February 14th, 2020
- Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony no, not a hacker attack, but because they can't open a safe - The... - February 14th, 2020
- Here's how to avoid becoming a victim of a tax scam - AZ Big Media - February 14th, 2020
- Will Weak Passwords Doom the Internet of Things (IoT)? - Security Intelligence - February 14th, 2020
- Bithumb Employee Found Guilty of Security Failings that Led to Hack - Cryptonews - February 14th, 2020
- Will your vote count? Ohio working to increase election security - WHIO - February 14th, 2020
- Perimeter 81 Introduces SASE Platform This latest offer is based on a partnership with investor and - Channel Futures - February 14th, 2020
- NHS Secure Boundary the next layer of cyber protection for the NHS - Digital Health - February 14th, 2020
- Global Internet of Things (IoT) Security Market Segmentation along with Regional Outlook, Competitive Strategies, Factors Contributing to Growth and... - February 14th, 2020
- North Koreas Internet Use Surges, Thwarting Sanctions and Fueling Theft - The New York Times - February 14th, 2020
- TechForce Aberdeen event to kick off Cyber Scotland Week - The Scotsman - February 14th, 2020
- Security Strategy: Moving Away From Tried and True - Security Boulevard - February 5th, 2020
- Internet Security Software Market investigated in the latest research - WhaTech Technology and Markets News - February 5th, 2020
- What Is Log Management, and Why Is It Important? - Security Boulevard - February 5th, 2020
- Latest Released 2020 Version Of Internet Security Market With Market Data Tables, Graphs, Figures and Pie Chat - TheLoop21 - February 5th, 2020
- Booter Boss Busted By Bacon Pizza Buy - Krebs on Security - February 5th, 2020
- Yet another Windows 10 fail as new update breaks the internet - heres how to fix it - TechRadar India - February 5th, 2020
- 'Formjacking' Is the New Internet Scam We Need to Watch Out For - q985online.com - February 5th, 2020
- Kiwis think benefits of the internet outweigh the negatives - SecurityBrief New Zealand - February 5th, 2020
- GAO: DHS and Agencies Must Work to Improve Cybersecurity - HSToday - February 5th, 2020
- Government to strengthen security of internet-connected products - GOV.UK - January 31st, 2020
- DigiCert Leads Initiative to Enhance EV SSL Certificates - Security Boulevard - January 31st, 2020
- eScan Internet Security Suite - Download - January 30th, 2020
- Internet Security - January 30th, 2020
- Best malware removal software of 2020: free and paid anti-malware tools and services - TechRadar - January 30th, 2020
- Government to strengthen security of internet-connected products - SecurityNewsDesk - January 30th, 2020
- IoT security: Your smart devices must have these three features to be secure - ZDNet - January 30th, 2020
- Millions of Wawa customers data breached selling on dark web - wobm.com - January 30th, 2020
- DigiCert CEO: Focus Security and Privacy on the Person - Infosecurity Magazine - January 30th, 2020
- CounterAct Cybersecurity Group Launches End-to-End Approach to Help MSPs Protect Their Businesses and Customers from Information Security Threats -... - January 30th, 2020
- The US Space Force Has a Rough Launch on the Internet - WIRED - January 30th, 2020
- Startup MGZN The only Arab company on eSecurity Planet's Top 18 Cybersecurity Startups 2020 is this one! - Startup MGZN - January 30th, 2020
- Bitdefender wants to protect your device for just over 7 dollars, but there's a catch - TechRadar - January 26th, 2020
- How scammers take advantage of stressed-out taxpayers - The Guardian - January 26th, 2020
- Here's the Top Cyber-Security Software You Need To Consider Downloading For 2020 - Grit Daily - January 26th, 2020
- Limited internet to be restored in Kashmir, no access to social media - Reuters - January 26th, 2020
- Analyzing AppFolio (NASDAQ:APPF) and Cyren (NASDAQ:CYRN) - Riverton Roll - January 26th, 2020
- The Rise of the Internet of Things | 2020-01-20 - Security Magazine - January 25th, 2020
- Protecting Websites from Magecart and Other In-Browser Threats - Security Boulevard - January 25th, 2020
- Off-campus wireless internet security on par with University - Kent Wired - January 25th, 2020
- Jeff Bezos Phone Hack Should Terrify Everyone - The New York Times - January 25th, 2020
- Limited internet to be restored in Kashmir, no access to social media - WSAU News - January 25th, 2020
- Cyber Security Today Kids clothes site hacked, a new phony email extortion scam and be careful with Internet Explorer - IT World Canada - January 25th, 2020
- Experts write to government on cyber fixes - Economic Times - January 25th, 2020
- Internet Security Software Market by Types, Applications, Countries and Forecasts to 2026 - Vital News 24 - January 24th, 2020
- An Open Source Effort to Encrypt the Internet of Things - WIRED - January 24th, 2020
- Local News Role of the internet in human trafficking to be highlighted at summit in SLO - KSBY San Luis Obispo News - January 24th, 2020
- Global Internet of Things (IoT) Security Market | By Component,By Type,By Application Area Dagoretti News - Dagoretti News - January 24th, 2020
- Internet Security Market to Reap Excessive Revenues by 2026 Dagoretti News - Dagoretti News - January 19th, 2020
- How to Secure Your Windows 7 PC in 2020 - How-To Geek - January 19th, 2020
- Security fears saw nearly half of Europe use the internet less during 2018 - The Brussels Times - January 19th, 2020
- Senate Passes Legislation to Help Boost and Secure the Internet of Things - Nextgov - January 19th, 2020
- Internet of Things presents the next frontier of cyberattacks - ITProPortal - January 19th, 2020
- Ooma Improves on Phone and Home Security with New Products for Cord Cutters - Cord Cutters News, LLC - January 19th, 2020
- Windows 7 computers will no longer be patched after today - Naked Security - January 19th, 2020
- How the Trump administration is secretly assisting Iranian protesters - Washington Examiner - January 19th, 2020
- Iowa results will be compiled over the internet, hacking threat aside - The Fulcrum - January 19th, 2020
- Interview with Jordan Blake on the potential of behavioural biometrics - The Paypers - January 19th, 2020
- Cyren (NASDAQ:CYRN) Stock Rating Lowered by Zacks Investment Research - Riverton Roll - January 19th, 2020
- Password Managers: What Are They & How to Use Them? - TechAcute - January 19th, 2020
- EZVIZ C6CN pan-and-tilt security camera review: Motion tracking keeps intruder in this camera's sights - TechHive - January 19th, 2020
- New Year, new gadgets? Five ways to keep your new devices safe from hackers, cyber attacks and malware - ZDNet - January 6th, 2020
- BlackBerry Collaborating with Amazon Web Services to Demonstrate Safe, Secure, and Intelligent Connected Vehicle Software Platform for In-Vehicle... - January 6th, 2020
- Internet of Things security firm Armis in talks to be acquired -media - Nasdaq - January 6th, 2020