What is IoT security?
IoT (Internet of Things) is a recent technology at least in the domestic sector. It comprises interconnected devices that have access to the internet. These networked systems in turn lead to a larger attack surface, and it may compromise the device and the user data stored in the device. As there is increased deployments of IoT systems, everyone must also be aware about the potential threats and ways to safeguard from such incidents. This article illustrates various real-world evidence about the severity of IoT related cyber incidents which shows how important it becomes to safeguard the devices and be better regulated by the authorities to avoid any mishaps.
Internet of Things, popularly known as IoT, refers to the collective network of devices that are interconnected with other internet-enabled systems. They can all communicate with each other, and their command and control center (typically at the vendors’ end in the cloud) via APIs (Application Programming Interface). These devices could range from smart home appliances, monitoring devices and automotives to sensors used in manufacturing. Common domestic IoT devices include Wi-Fi enabled home appliances (like TV, Refrigerators, Washing Machines, Coffee maker, etc…), smart devices (like Amazon Alexa, Google Home, smart watches, etc…) and more. The variety and volume of devices are also increasing drastically with the advent of innovative solutions for day-to-day problems and increased demand for a more comfortable lifestyle. Soon, humankind could be enveloped by a huge amount of IoT devices that could become a part of our daily life.
The need for IoT security
Ever since the pandemic started and employees started working from home, IoT devices usage have increased in their work and leisure environments. As the adoption of IoT devices increases, safeguarding their ecosystem against cyberattacks becomes increasingly essential. The ability of each of these devices in the ecosystem to communicate with the internet increases the attack surface for hackers to exploit vulnerabilities and use the devices for nefarious purposes. Moreover, the increase in the speed of data transfer over the internet with the evolution of 5G networks could also increase the attack vectors and put more consumer data at risk.
The following examples could be cited to demonstrate the scale of risk due to unprotected and vulnerable IoT systems:
Vulnerability exploit of Jeep vehicle: It was reported by the IBM security intelligence website that a team of researchers were able to exploit a firmware update vulnerability and take over the vehicle’s controls enabling them to make the car slow down or speed up, as well as make it veer off the road.
Mirai Botnet incident: Hundreds of thousands of unsuspecting devices were hacked, and were used by hackers for malicious purposes like utilising their combined compute power to execute DDoS attacks on a large scale and brought down domain registration services provider Dyn. Such device compromises can also be used for crypto mining and other resource intensive processes at the expense of the home owners paying the energy utilisation costs.
Google Home vulnerability exploit: Burger King shot an advertisement depicting a self activated google home device that told their owners about the Whopper Burger. However, Google blocked the ad. Though this may sound fascinating, there is still a real danger of something like this happening in real life and it may not be something as trivial as a burger.
As evidenced from the above incidents, the breach of IoT devices could lead to devastating consequences. Hence, it is of great importance to ensure the security of IoT devices, and also their adoptions to be better regulated by authorities to minimise the number of incidents.