{"id":36980,"date":"2023-10-20T14:47:21","date_gmt":"2023-10-20T14:47:21","guid":{"rendered":"http:\/\/startupsmart.test\/2023\/10\/20\/the-security-risks-of-the-internet-of-things-startupsmart\/"},"modified":"2023-10-20T14:47:21","modified_gmt":"2023-10-20T14:47:21","slug":"the-security-risks-of-the-internet-of-things-startupsmart","status":"publish","type":"post","link":"https:\/\/www.startupsmart.com.au\/uncategorized\/the-security-risks-of-the-internet-of-things-startupsmart\/","title":{"rendered":"The security risks of the Internet of Things – StartupSmart"},"content":{"rendered":"
\"\"<\/div>\n

By\u00a0Patryk Szewczyk\u00a0and\u00a0Nikolai Hampton<\/em><\/p>\n

The range and number of \u201cthings\u201d connected to the internet is truly astounding, including security cameras, ovens, alarm systems, baby monitors and cars. They\u2019re are all going online, so they can be remotely monitored and controlled over the internet.<\/p>\n

Internet of Things (IoT) devices typically incorporate sensors, switches and logging capabilities that collect and transmit data across the internet.<\/p>\n

Some devices may be used for monitoring, using the internet to provide real-time status updates. Devices like air conditioners or door locks allow you to interact and control them remotely.<\/p>\n

Most people have a limited understanding of the security and privacy implications of IoT devices. Manufacturers who are first-to-market are rewarded for developing cheap devices and new features with little regard for security or privacy.<\/p>\n

At the heart of all IoT devices is the embedded firmware. This is the operating system that provides the controls and functions to the device.<\/p>\n

Our previous research on internet device firmware demonstrated that even the largest manufacturers of broadband routers frequently used insecure and vulnerable firmware components.<\/p>\n

IoT risks are compounded by their highly connected and accessible nature. So, in addition to suffering from similar concerns as broadband routers, IoT devices need to be protected against a wider range of active<\/em> and passive<\/em> threats.<\/p>\n

Active IoT threats<\/h3>\n

Poorly secured smart devices are a serious threat to the security of your network, whether that\u2019s at home or at work. Because IoT devices are often connected to your network, they are situated where they can access and monitor other network equipment.<\/p>\n

This connectivity could allow attackers to use a compromised IoT device to bypass your network security settings and launch attacks against other network equipment as if it was \u201cfrom the inside\u201d.<\/p>\n

Many network-connected devices employ default passwords and have limited security controls, so anyone who can find an insecure device online can access it. Recently, security researchers even managed to hack a car<\/a>, which relied on readily accessible (and predictable) Vehicle Identification Numbers (VINs) as its only security.<\/p>\n

\"\"<\/a><\/figure>\n

Hackers have exploited insecure default configurations for decades. Ten years ago, when internet-connected (IP) security cameras became common, attackers used Google to scan for keywords contained in the camera\u2019s management interface.<\/p>\n

Sadly, device security hasn\u2019t improved much in ten years. There are search engines that can allow people to easily locate (and possibly exploit) a wide range of internet-connected devices.<\/p>\n

Passive threats<\/h3>\n

In contrast to active threats, passive threats emerge from manufacturers collecting and storing private user data. Because IoT devices are merely glorified network sensors, they rely on manufacturer servers to do processing and analysis.<\/p>\n

So end users may freely share everything from credit information to intimate personal details. Your IoT devices may end up knowing more about your personal life than you do.<\/p>\n

Devices like the Fitbit may even collect data to be used to assess insurance claims.<\/p>\n

With manufacturers collecting so much data, we all need to understand the long-term risks and threats. Indefinite data storage by third parties is a significant concern. The extent of the issues associated with data collection is only just coming to light.<\/p>\n

Concentrated private user data on network servers also presents an attractive target for cyber criminals. By compromising just a single manufacturer\u2019s devices, a hacker could gain access to millions of people\u2019s details in one attack.<\/p>\n

What can you do?<\/h3>\n

Sadly, we are at the mercy of manufacturers. History shows that their interests are not always aligned with ours. Their task is to get new and exciting equipment to market as cheaply and quickly as possible.<\/p>\n

IoT devices often lack transparency. Most devices can be used only with the manufacturer\u2019s own software. However, little information is provided about what data is collected or how it is stored and secured.<\/p>\n

But, if you must have the latest gadgets with new and shiny features, here\u2019s some homework to do first:<\/p>\n