2 min read

The pitfalls of IoT devices and how to address them

Luana PASCU

November 14, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
The pitfalls of IoT devices and how to address them

Many challenges affect IoT security, and the top issue is that no connected device can be secured 100 percent. What”s worse is that not much has actually improved since Former US Vice President Dick Cheney”s wireless pacemaker was disabled to prevent attempts on his life. That was nine years ago!

Recent DDoS attacks prove that 500,000 devices can be hacked in less than five minutes and turned into botnets, because they haven”t been, or can”t be, updated. Some researchers expect connected devices to reach 50 billion by 2020 while others forecast 20 billion by that date. One thing is clear; the number is growing to four devices per user, at least, and we haven”t seen the worst yet. What will happen when billions of connected devices, with old software, are turned into weapons to attack organizations, cities and even governments?

IoT security is right where we left it nine years ago, although the number of connected devices keeps on soaring. This issue is vital but manufacturers keep ignoring it, while users are as naïve as ever. The only winners in this are hackers, who take advantage of the many opportunities created by the lack of infrastructure to protect IoT and mobile devices.

We”re going through tremendous online transformation, yet the threats we”re dealing with are “beyond the devices used, as hackers will not only target your devices but all the data stored in the cloud,” Emmanuel Schalit, CEO of Dashlane, a password managing company, said in a panel talk at WebSummit last week about how to protect connected devices.

We already know users are a liability, but they also carry great responsibility. Even high-profile officials come up with the weakest passwords and reuse them for multiple accounts. Remember the Podesta email leak fiasco?

Most likely, password security is not the answer anymore. In fact, we need to get rid of them and find a way to secure IoT without involving humans because “consumers have a short memory on breaches,” said Rami Essaid, co-founder of Distil Networks. Instead of demanding better security, users expect dozens of fancy features which only increase security risks.

“Human authentication is not scalable because you can”t type passwords or download firmware updates every day for each device in your smart home,” explained Essaid.

IoT devices are entry points for hackers, but smart homes are not the only areas posing risks to our privacy and safety. Power grids, medical devices, water mains and smart meters collect critical data in real time and, if abused, the consequences could be crucial for entire city infrastructures. These devices need unique in-built security that stands the test of time, even 10 – 15 years from now, so vulnerabilities can”t turn them into backdoors to the cloud. Upgradeability may solve a problem or two, if properly focused on the future, to ensure security holes are detected as soon as possible instead of a year later, as is the case now.

Although governments have made some effort to come up with measures, chances of having unitary regulations for IoT are small, mostly because governments are at least five years behind when it comes to understanding technology and the industry, added Essaid. As we can”t rely completely on governments and manufacturers to fix this problem in the near future, educating users about the importance of online security is the most important step forward.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read