It is estimated that IOT devices will become essential in our daily life and there will be over 50 billion devices by 2020. Households may have several Internet connected devices that will share information with each other. Mobile applications for IoT device are becoming increasingly popular and may even take over the cell phone and tablet market.
Devices designed with the Internet of Things concept may be convenient but there are security risks. There have been IoT devices that were hijacked and added to bot nets in order to carry out malicious attacks. These devices also store sensitive data that hackers would love to steal. A weak infrastructure in combination with our most sensitive information makes for a deadly combination.
The security found in many IOT type devices are not set at a high standard like computers or phones. There had been examples of IOT device bot nets found recently.
IOT devices are typically tiny and they lack physical security. Many devices have low computing power and are too weak to support advanced encryption. The remote management software also is wide open for remote exploitation.
The primary thing users can manufacturers can do is to avoid using default passwords. Many routers and other devices have been exploited in the past using defaults passwords and simple IoT devices are following suit. Even a surprising amount of IT professionals use default passwords so the average Joe would definitely be wide open. A hacker just needs to study the manual to take advantage of most devices.
Hackers may use dictionary attacks to automatically crack simplistic passwords. Using simplistic passwords with names, common nouns and short strings of numbers is almost guaranteed to be cracked. Long complex passwords are ideal to prevent the most basic hacking attempts.
Manufacturers of IoT devices should include randomized passwords or require that the user sets a password before using the device. There should also be requirements for users to set advanced passwords with aluminum requirements. This type of policy has been successful in preventing hacking in other types of platforms.
Follow Jason Hope on Twitter
Having a weak IoT device may also lead to leaks of personal data from computers and cellphones. Viruses may sniff packets for unencrypted information or even hijack other computers in the network. Using encryption software will prevent any leaks of sensitive documents or images in this situation. Users should always have the habit of forcing SSL on all of the websites that they visit.
Digitally signed and encrypted firmware should also be a necessity. Hackers could deploy their own versions of firmware, making the spread of viruses nearly impossible to be stopped. Hackers have deployed malicious firmware to cell phones, routers and computer motherboards in the past. These infected firmwares may also spread viruses to other devices, USB memory sticks and other computers on the network.
Manufacturers are also neglecting updates for devices. The mass production of these types of devices leave many of them neglected by manufactures and many households may be compromised. Computer and cell phone operating systems receive regular security updates and Iot devices should be treated exactly the same. Hackers are left to probe existing devices and attack in the future without any sort of resistance.
Since users may be using these devices for years, manufacturers should continue to support them for years as well. Even the Department of Defense suggests that IoT companies should come up with an road map of support and make it clear to the user.
Options for either automatic or manual updates should be given to all of their customers. Some may consider seamless updates to be a breach of privacy so consent would be ideal to consul the consumer.
Like Jason Hope on Facebook