Are Internet-of-Things Devices Really that Easy to Hack?
With the number of IoT devices reported to hit billions in the next couple of years, households will become fully automated and interconnected, and wearables will become vital in tracking and optimizing our daily activities.
However, recent security research has shown many of these smart devices are prone to security vulnerabilities that might compromise users’ privacy, and even the entire network security of their household. Most have been deemed bot only privacy hazards, but they’ve also been tagged as inherently insecure by design.
How easy is it to hack an IoT device?
Depending on the nature of the smart device, most can usually be breached because of open ports or poorly configured default passwords that can be easily guessed or brute-forced. While sometimes the manufacturer is to blame for these settings, end users share some responsibility as they’re usually not aware of these configurations.
More advanced vulnerabilities involve smart devices that don’t use encrypted communication when “talking” to other devices. This makes it relatively easy for an attacker to sniff traffic and alter those back-and-forth messages to his advantage.
Of course, all these vulnerabilities require some technical skills, and it’s not just a matter of watching YouTube videos showing you step-by-step instructions, but it does pose some risks in terms of security and privacy. To be direct, hacking some of these smart devices usually involves common network traffic capturing software and some basic networking skills to pull it off but, for really nasty exploits, bad guys need some advanced skills.
Smart IP cameras that allow you to keep an eye on your house over the internet could even allow attackers to peek into your home, if not properly configured. Plugging them into your home network without changing their default settings – passwords, encryption, or ports – would open up your home to prying eyes and even cyberattacks from skilled hackers.
Vulnerabilities that involve attacks on web application interfaces that control the IoT device or attacks on mobile apps that control these smart devices are usually a bit more complicated to pull off, but not impossible. Whenever devices that handle data that can be monetized are involved, cybercriminals will always be interested in gaining access to them.
Furthermore, if these devices are connected to home networks, it means they can be used as gateways to penetrate other network devices, such as laptops, mobile devices and even other smart things.
Who’s to blame?
Both end users and IoT manufactures share security responsibilities. While the manufacturer’s main goal is to sell devices that address a specific need, they don’t always adhere to security best practices or guidelines, nor do they plan for future software or security patches.
As IoT devices have become more of a sessional trend and not a long-term investment, security aspects have been treated with lax policies. Users on the other hand don’t yet fully understand the implications of having a smart and interconnected home, thus privacy and data loss implications are poorly regarded.
What can you do about it?
Changing default configuration settings for any home network IoT device and even connecting them to a secondary network would be a good approach to avoid any potential full network problems. It’s also recommended that you learn everything you can about an IoT device before you buy it to make sure it comes with built-in security features that can be customized according to your own specifications.
Of course, there’s always the option to start pressuring IoT manufacturers to build in some basic security features regarding local and in-transit data encryption along with strong password encryption and authentication. While this is not something that will happen overnight, applying some collective pressure could ensure in the near future these will be implemented.
However, if you’re looking for a hassle-free solution for securing all your home network smart devices, there’s Bitdefender Box. It’s not only easy to set up and connect to your home network, but it’s also able to secure all your IoT devices while providing constant insight into their behavior via a user-friendly mobile app.