Security of IoT set to worsen before it gets better

The market for Internet of Things is huge by current calculations and future predictions. Connected things are now regular features in our homes and they’ve been present in the critical infrastructure segment for a while.

A recent survey of security professionals shows their conviction that IoT devices will become the preferred attack vector for nation state actors. 93% of the 130 experts questioned at the Black Hat security conference believe that state-backed adversaries will target or exploit connected systems, and 40% of them think that IoT devices in the energy and healthcare sectors are main candidates.

Recent stories about the devices’ potential for harm if wielded for malicious intentions seem to support this belief. For instance, researchers posit that a sufficiently large botnet of high-wattage smart products – air conditioners, heaters, ovens – could seriously impact the power grid when turned on or off at the same time. The imbalance created this way between the supply and demand of electricity could trip the generators in the power station.

Smart irrigation systems commanded by a threat actor could contribute to wasting the water supply of a town. Researchers were able to take control over three smart sprinkler models and modify their water flow. Such an attack could rely on a botnet that looks for irrigation systems on the local network, so the targets would not even have to be exposed to the web.

On the healthcare front, until a change for the better has a real impact, vulnerabilities are reported all the time in medical devices: from a 4-year old bug in a gateway device to critical flaws in infusion pumps and pacemakers.

Consumers are an unlikely target for deep-pocket hackers, but they are not safe from common cybercriminals. The typical use for compromised IoT is in the distributed denial-of-service (DDoS) business; but these devices are also suitable for other activities.

Cryptomining, setting up proxy services for malware distribution, masked communication, running credential stuffing attacks, or just leasing them to other cybercriminals to carry out their business are a handful of applications for hacked smart devices.

Long-term predictions are difficult to make, even with efforts underway for better security in the IoT segment. But it is easier to see into the near future: unless users maintain their connected systems up to date, and IoT manufacturers adopt minimum  standards , cybercriminals will keep running successful businesses.

Add Comment

Your email address will not be published. Required fields are marked *