www.soundshore.nethubfssoundshore-siteheader-img-2

The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

Cyber Attacks on IoT Devices Are Rising

Jun 14, 2019 12:07:28 PM / by Eric Benda, CEO

Why More Secure Smart Devices Are Critical to Network Security

In recent years, there’s been a lot of attention on the Internet of Things (IoT). The IoT is revolutionizing many aspects of modern life, but it is also enabling unprecedented cyberattacks on IoT devices. It’s critical for businesses to understand how and why these attacks work, as well as why they must seek more secure smart devices to protect office network security. This is especially true of regulated industries including financial services and healthcare that are adopting IoT technologies to better serve their clients and patients. They must also deal with the downside.

According to its Wikipedia definition, IoT is the extension of Internet connectivity into physical devices and everyday objects. These devices can then communicate and interact with others over the Internet, and they can be remotely monitored and controlled. It’s easy to imagine how bad actors could exploit these factors to breach a smart home security system or to spy on an office conference room via a smart TV.

IoT Attacks Can Go Much Farther and Wider

Bad actors, both individual and nation state, have executed wide-reaching attacks on Internet service providers, web hosting companies, popular blogs and the power infrastructure, which is truly frightening. An early and infamous attack known as Mirai infected more than 600,000 LINUX IoT devices with malware in August of 2018.

There have also been numerous and destructive distributed denial of service (DDOS) attacks using IoT devices to create a botnet that sends massive junk traffic to overwhelm and take down websites. For those readers not familiar with the term botnet, Techopedia defines it as:

…a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks.

In 2018 an ominous pattern of power outages at airports around the United States caused suspicion and speculation about the role of bad actors using IoT devices to overload power grids. Affected airport facilities included New York’s LaGuardia, Reagan National in D.C., Hartsfield Jackson in Atlanta, Las Vegas, and Bradley International in Connecticut. A group of Princeton University researchers made the case at a security conference that hackers manipulated millions of devices and home appliances to turn on and off. This, the researchers believe, created artificial power demand, tripping generators and causing the outages.

Nation state bad actors are the most likely perpetrators of this type of attack. It’s not much of a leap to imagine attacks on national security infrastructure or the taking down of Internet access. From office security to national security, we have a problem. Gartner reports that by 2020, there will be 20 billion IoT devices in use globally.

Why Are IoT Devices So Vulnerable?

Manufacturers of IoT devices typically license software for chip-enabled devices from third party vendors. In the race to market, these vendors have been charged with the objective of product functionality. There’s been far less focus on product security. A majority of devices have weak or hard-coded passwords that are no match for hackers.

Devices with artificial intelligence (AI) connectivity – digital assistants like Alexa, Siri and Bixby – add to the IoT’s security vulnerabilities from the standpoint of control, as well as the potential for third-party spying.

A roadblock to providing solutions is the IoT’s platform fragmentation and lack of technical standards. The wide variety of IoT devices along with their endless hardware and software variations make it difficult to develop cross-platform security solutions. For instance, wireless connectivity for IoT devices can be achieved via Bluetooth and an array of other systems, including proprietary radio frequencies. Fragmentation also affects security because vendors fail to support users of older and lower-priced devices with updates and patches to bugs found in their systems.

What Can Companies Do?

For the moment, the best companies can do when acquiring smart, IoT-capable devices for office or general business use is to select devices with authentication capabilities like primary key infrastructure, in which there is a private key for each device.

There is some good news in the IoT security arena. Businesses like Shelton, Connecticut-based SecureRF offer security solutions to manufacturers of IoT devices for home, business, industry and government agency use. Its technology innovations, based on Group Theoretic Cryptography, provide security functions such as authentication and data protection for devices of all sizes. SecureRF solutions can be engineered into new devices or retrofitted onto existing ones. The company is partnering with major semiconductor companies including Arm, Intel, Renesas and STMicroelectronics to help device manufacturers close the IoT security gap.

As always, being an educated consumer of technology is key to protecting your company’s data and reputation for keeping client information and assets secure. If you’d like to speak with Soundshore Technology Group’s cyber security experts, send an email to sales@soundshore.net. We’ll be happy to help. While you’re here, please take a look at our full array of cyber security services.

You can also download our free Guide to Freeing Your Files in a Ransom Ware Attack – And Avoiding One here.

 

Topics: cyber security, Soundshore Technology Group, IoT Cyber Attacks, SecureRF

Eric Benda, CEO

Written by Eric Benda, CEO