Are You Helping Someone Take Over the World?01/29/2021
The title of this article is a little scary, but it is not hyperbole. Anyone of us, at this very moment, maybe enabling a hacker or group of hackers. A hacker can take over or attack a server breaching its data or shutting it down. How could you be involved? It is not as implausible as you may think.
There are over 7 billion IoT devices worldwide. Cisco, a network hardware Company, predicts there will be 28.5 billion connected devices by 2022. Security is a serious issue for many devices prompting governments to create new regulations. If you use any of the aptly named Internet of Things (IoT) or smart devices in your home, you may be contributing to the problem.
In 2016, hackers exploited 100,000 of these devices, creating a DDoS (distributed denial-of-service) attack. The attack used the devices to overwhelm a leading DNS provider bringing down several prominent websites. Sites such as Amazon, Twitter, The Wall Street Journal, PayPal, and more were affected by the attack. Known as the Mirai botnet attack, the overwhelming amount of traffic sent by the insecure IoT devices brought legitimate traffic on some of these sites to a standstill.
Manufacturers often leave these devices vulnerable with little or no built-in security. Simple, unencrypted default passwords remain active even after device deployment. Studies show that Users regularly use simple passwords, even when prompted to update the default. Some default passwords are found by simply searching the internet.
As attacks on these devices become more prevalent, the risk grows exponentially. According to cybersecurity company Kaspersky Lab, attacks in the first half of 2018 equaled three times the number of attacks in all of 2017. As the number of IoT devices grows, the number of attacks appears to be heading in a troubling direction.
It is not just DDoS attacks either. IoT devices leave us vulnerable to having our personal information stolen, as well as spying by governments, corporations, and hackers. I read a recent article where a white hat hacker (One of the good guys) took control of a robotic vacuum with an onboard camera. The hacker could control the path of the vacuum and see everything in the house. An attack like this would allow a hacker to spy on you and tell them whether or not you were at home.
Homes and businesses use IoT devices. Businesses are susceptible to attacks that could leave assembly lines at a standstill; thermostat adjustments could make it too hot or cold to continue working, along with data theft or manipulation.
How do we stop the attacks? First, consider the exposure a device has to your network. If the network stores sensitive data evaluate whether the device is worth the risk. If you decide the risk is worth the potential vulnerability, secure the device to the best of your ability. Only use strong passwords, avoid common or default choices. You may be able to isolate the device using a router via a guest network.
As IoT devices increase, we must be aware of the risks they pose. Carefully planning the deployment of smart devices may be the difference between maintaining security and becoming the victim of an attack.