There will be more than 50 billion IoT (also known as "Internet of Things") connected devices by the year 2020, according to a whitepaper by Cisco. Which means that IoT devices will soon become essential, and necessary, in our daily lives. Modern households may even have several devices connected to the internet — sharing information with each other and often sending reports and notifications to your phone. We even see this trend in the mobile application market for these devices. Some are even predicting that these new IoT mobile applications may take over the cell phone and tablet market in the next few years.
Devices that are designed with the Internet of Things concept may be convenient, but there are also some huge security risks involved. Recently, there has been a rise in IoT devices being hacked and added to botnets to order to carry out malicious attacks. IoT devices often store sensitive data that hackers may try to steal. Sensitive information combined with a weak infrastructure makes IoT devices extremely tempting for hackers.
The security found in many IoT connected devices is not high. It's not comparable to what you'd find on our computers or phones. Because these devices are typically tiny and lack physical security or are locked to factory default passwords, the rise in IoT botnets has been rampant. These small internet connected devices often have low computing power, making them too weak to support advanced encryption. And with their remote management software, IoT devices are often seen as wide open for remote exploitation.
The primary thing IoT users can do to keep their data, and homes, safe, is to avoid using default passwords. Many routers and other devices have been exploited in the past using default passwords and simple IoT devices are following suit. Even a surprising amount of IT professionals use default passwords, which only makes them an easy target. Many times a hacker just needs to read a manual in order to take advantage of most IoT devices on the market today. When it comes to creating a strong password, avoid using simplistic passwords with names, common nouns and short strings of numbers. These types of passwords are almost always guaranteed to be cracked. Long, complex passwords are ideal to prevent the most basic hacking attempts. Use a variety of numbers, symbols and varying letter case in your passwords to keep your data safe.
Manufacturers of IoT devices should include randomized passwords or require that the user sets a password before using the device. There should also be requirements for users to set advanced passwords with aluminum requirements. This type of policy has been successful in preventing hacking in other types of platforms. Because of the interconnectivity of these devices, having one weak IoT device can lead to the leak of your personal data from other computers and cell phones. Viruses may seek out packets of unencrypted information or even hijack other devices connected to your network. Using encryption software can help prevent any leaks of sensitive documents or images in this particular situation. Consumers should always be in the habit of forcing SSL on all of the websites that they visit.
Digitally signed and encrypted firmware is also a necessity. Hackers can deploy their own versions of firmware, making the spread of viruses nearly impossible to stop. Hackers have deployed malicious firmware on cell phones, routers and computer motherboards in the past. This infected firmware may also spread viruses to other devices, USB memory sticks and other computers on your network.
Manufacturers are also neglecting updates for these devices. The recent mass production of IoT devices may leave many of them neglected by their manufacturers, which can lead to many households being compromised. Computer and cell phone operating systems receive regular security updates and IoT devices need to be the same. Hackers can probe existing devices today and attack in the future without any sort of resistance.
Since consumers are expected to be using these devices for years to come, manufacturers should continue to develop and support the software as well. Even the Department of Defense suggests that IoT companies should come up with a roadmap of support and make it clear to the user. Options for either automatic or manual updates should be given to all of their customers.