With the massive number of household items, leisure items and toys that now have a ‘smart’ element to them, could any of the IoT presents that you receive or give this Christmas be taken over and used by hackers in 2017?
A Big DDoS with IoT
Back in October this year, cyber criminals were able to take over many thousands of household ‘Internet of Things’ (IoT) devices and use them together as a botnet (Mirai) to launch an online distributed denial of service (DDoS) attack on the DNS service ‘Dyn’, with global consequences. The devices included things like white goods, CCTV cameras and printers, and the major platforms that were put out of action by the attack included Twitter, Spotify, and Reddit.
Only two months down the line, many of us will be giving and receiving IoT devices as Christmas presents that are just as vulnerable to being taken over and used by hackers for attacks in the coming year.
The kinds of smart devices that are part of the IoT and could potentially be exploited include fridges, kettles, toasters, and systems used to heat and monitor your home remotely. While smart devices and the IoT have many great benefits and great potential, they also bring security risks that are not yet fully understood.
Why Are These Devices Vulnerable?
Technical experts and commentators believe that it is not easy for manufacturers to make internet-enabled devices secure because:
- Adding security to household internet-enabled ‘commodity’ items costs money. This would have to be passed on to the customer in higher prices, but this would mean that the price would not be competitive. Therefore, it may be that security is being sacrificed to keep costs down – sell now and worry about security later.
- Even if a security problem is located in a device, the firmware (the device’s software) is not always easy to update. There are also costs involved in doing so which manufacturers of lower-end devices may not be willing to incur.
- Devices that are typically infrequent and long-lasting purchases (e.g. white goods) tend to be kept until they stop working, and we are unlikely to replace them because they have a security vulnerability that is not fully understood. As such, these devices are likely to remain available to be used by cyber criminals for a long time.
What Does This Mean For Your Business?
If your business manufactures or sells smart devices, be aware that if recent months are anything to go by, consumers will begin to understand the value of security protection of their IoT devices, and it may become part of the purchase criteria in the near future.
For businesses and individuals, one simple step that we can all take to protect our ‘smart’ Christmas presents and other smart items is to change any default username and password as soon as possible. Make sure that the new username and password are very secure and very unlikely to be discovered easily.