Major web based services, including Twitter, Netflix, Amazon Web Services and Spotify were offline for most of the day last week, due to a large-scale Distributed Denial of Service attack. This onslaught targeted the home routers, DVRs and webcams of consumers who had not changed default user names and passwords of these internet connected devices.
Currently, 6.4 billion devices connect to the internet, and that number is projected to grow to 20.8 billion over the next four years. Outages like this past week’s are devastating to businesses, who stand to lose billions during downtime, and to individuals, whose personal data and information is at risk as a consequence of these events.
The Internet of Things has been exploited in recent cyber attacks.
Last week’s incident is one of many infiltrations via the Internet of Things (IoT), the name for the billions of everyday objects which have network connectivity. Last year, hackers were able to retrieve the passwords of connected wireless networks through app-controlled smart kettles. In some instances, smart refrigerators have been breached and used to send three quarters of a million SPAM emails. Startlingly, baby monitors are another popular target – hackers have been known to view camera feeds and communicate through the devices’ speakers.
From hardware and software to configuration and end-user security, there are multiple potential vulnerabilities in IoT electronics. How can manufacturers and consumers improve the security posture of connected everyday devices? The growing demand of new device technology often means that security is a secondary concern. Companies may also hesitate to perform security patches, preferring risk to service interruption. In a recent device survey conducted by ISACA, 78% of consumers stated that security is insufficient. These worries, coupled with the global rise in hacking attempts require the development of IoT security frameworks, secure programming best practices and end-user education.
Manufacturers must take proactive security steps such as encrypting data transfers, following security framework best practices, developing with secure coding techniques and executing penetration testing on hardware and software. In addition, software patching and maintenance must be transparent – relieving the consumer of responsibility. Manufacturers can perform this by patching and updating software on IoT devices in a way that does not require the consumer to perform manual steps. Automated configuration and installation processes of devices offer another level of protection and eliminate security user-error.
Consumers can do their part in keeping connected devices and data safe by following manufacturer recommendations during the configuration and installation process. Exercising good judgment with password selection and protection is a simple, yet often overlooked, security measure. Disconnect your device and report any suspicious activity to your device manufacturer immediately.
Keep current with security news, professional development opportunities, industry analysis and more by signing up for Merit’s FREE monthly Inbox Insider report! Join here: Merit.edu/InboxInsider