11-11-2019 | | By Moe Long
The Internet of Things (IoT) continues to rise in popularity. Now, it seems almost anything boasts Internet connectivity, from single-board computers, mobile devices, and TVs to fridges. Outside of consumer IoT, industrial IoT is incredibly prevalent. Plus, even industries such as professional sports have accepted connected devices. But despite the dominance of IoT, it’s still a cause for concern. Learn about the top IoT concerns, from surveillance to authentication issues.
Sometimes, smart technology aims to provide surveillance, as is the case with security cameras. However, the Internet of Things may create accidental surveillance as well. This ranges from concerns over monitoring via smart assistants like Alexa and Google Assistant, to forced network breaches. Since IoT devices are engineered to capture and record data, there’s a fertile landscape of information that can provide insight on users and organizations.
Your method of combating surveillance in IoT depends on your end goals. Companies should opt for high-end encryption and network security. Often, this means opting for trusted brands such as Cisco, HPE, and Symantec. Individual users should also maintain a secure network. A fantastic way to combat IoT surveillance is the three router IoT security solution. Essentially, you’ll have three routers: a main router which serves as the Internet gatekeeper, an IoT router for your smart devices, and a secure router for your secured devices like your server, printer, desktop, and laptop.
Although it may seem counterintuitive, IoT device updates might not receive as many updates as the latest AAA game, or even indie game. Because maintaining secure ecosystems means increased testing, the update cycle may be haphazard. As such, many IoT devices will be susceptible to hacks. Unfortunately, there’s not necessarily a lot you can do to force updates. The best option it to select products from well-known vendors that offer regular update cycles for their products.
It seems DDoS attacks are continually more common. Basically, a DDoS is where several compromised devices are utilized to target one system which therefore creates a Denial of Service. Infected machines are known as bots, with the entire ecosystem known as a botnet. These are controlled by server. When an attack is carried the server sends a commands to its botnet which in turn carry out an attack, and a target is essentially flooded.
While DDoS attacks can be pretty nasty, causing everything from financial loss to mere frustration, there are measures which can combat a DDoS IoT attack. One of the best countermeasures is by connecting Internet of Things devices to a low-power wireless network. Since it’s low-power, devices wake up only for sending and receiving data. As such, there’s very little opportunity to carry out an attack.
Bring your own device (BYOD) is often associated with mobile phone carriers. However, BYOD can be a major security threat in enterprise environments. Many employees wish to utilize their personal IoT devices, including phones, tablets, and smartwatches for business use. But deploying enterprise-calibre software on unvetted BYOD devices is a risky venture.
When fighting BYOD vulnerabilities, it’s best to figure out what methods a device has for communicating on a network. Likewise, limited or no connectivity is best for BYOD products which haven’t been through proper IT scrutiny. Having a guest network for personal devices is an excellent way to maintain a secure enterprise-level network while allowing for BYOD connectivity.
When possible to use two-factor authentication for logins. At the very least, a strong password is necessary. It’s terrifying how many routers alone are left with a default password of something such as “admin.” Enabling two-factor authentication where it’s available, and using complex passwords as well as secure password recovery methods are simple enough implementations which really go a long way toward bolstering IoT security.
IoT devices surround us, with everything from watches and wearables to speakers, fridges, and thermostats boasting internet connectivity. While this is pretty useful for configuring automations, capturing data, and monitoring purposes, more IoT devices means additional concerns for security. Thankfully, there are tons of potential solutions, from a dedicated insecure device network to enabling two-factor authentication, and deploying hardware as well as software from trusted vendors.
Your turn: What do you see as the top IoT security threats?