Thursday, May 19, 2022
HomeFeaturedCybersecurity failures in the internet of things

Cybersecurity failures in the internet of things

The “internet of things” has been steadily growing to the point where it is now an expansive and vulnerable digital landscape. With so many devices connected to the web, hackers, thieves and criminals can now find ways to achieve network access via unexpected means or cause disruption in ways that were not possible before internet access became ubiquitous. 

What is the Internet of things?

The Internet of Things, often abbreviated as IoT, is a term that is used to describe the interconnection of hardware devices that communicate with one another wirelessly to exchange data.

Smart phones, tablets, laptop computers and office devices make up a large portion of the IoT. However, most of today’s electronics need to do more than simply the job they were built for.

From video game consoles to home audio systems and even electric toothbrushes and bathroom scales, integration into daily life and any already existing gadgets is an initiative among manufacturers who are eager to put the word “smart” in front of anything they produce.

Creating a companion app for a product not only gives the impression of technological superiority if compared to the competition, but also allows manufacturers to take advantage of the insights that can be gleaned from examining user data that may be collected any time the device is used.

The internet of things and data privacy

A refrigerator seems to be an unlikely cybersecurity liability, but as the IoT has come to encompass everything from water bottles to dog collars, threat actors have been hard at work probing for weaknesses and ways in which to enter systems through backdoors that seemed absurd as recently as a decade ago.

Because ease of connection is prioritized over security when it comes to the vast majority of these devices, they provide threat actors with potentially low hanging fruit.

Hacking into an electronic dog door may seem like a comical endeavor, but if the owner uses the same password to access their pet’s accessory as they do their personal email, the implications can become serious.

As the world’s workforce spent more time at home due to pandemic restrictions, IoT usage has increased in frequency as have cyberattacks designed to compromise connected devices. 

In the first six months of 2021, computer security provider Kasperky recorded 1.51 billion breaches of IoT devices. The same company noted that 639 million had occurred over the entirety of the previous year, marking a skyrocketing uptick in IoT security incidents.

5 internet of things security nightmares

1. Elekta cancer software

In the spring of 2021, Swedish cancer software provider Elekta was the victim of a ransomware attack that required the company’s IT department to take their cloud-based software offline.

As a result, US patients across 170 health networks had radiation therapy delayed due to the fact that the machines used in the process require a constant line of communication with Elekta’s software.

While the delay of life saving procedures is worrisome enough, other medical devices could possibly be hacked in order to prevent them from working or even present incorrect data that may affect treatment.

With the vast amounts of personal data moving through hospital networks and their unique position when it comes to their necessity, healthcare systems are frequently targeted by hackers who know that the seriousness of disrupted service gives them an advantage when it comes to negotiating for a quick ransom.

While employing the Internet of Things greatly eases the exchange of information, connecting critical devices via wifi requires a superior degree of security.

2. Ring home security cameras

Security cameras, small, affordable and able to capture high resolution video, are one of the most popular internet of things devices outside of peoples’ phones and computers.

Ring, an Amazon company, suffered some bad press after a number of families experienced hackers taking remote control of their security cameras. In some instances, the hackers were actually communicating to the homeowners via their connected speakers.

Understandably, a company that sells the idea of security found itself having to explain how this could happen.

While the intrusions were largely the result of poor password habits as opposed to negligence on the part of Amazon, the incidents are a shocking reminder that privacy is a commodity in a world of data and always-on digital connections.

3. Amazon Echo smart speakers

It should come as no surprise that a device that is connected to the web and always listening provides ample opportunities for data theft or breaches of privacy.

Recently, an exploit was found in which a hacker could cause an Amazon Echo smart speaker to verbally give itself a command and then comply. This could allow someone to remotely control someone else’s smart home features like cameras and door locks. It can also allow someone to make unauthorized purchases or phone calls.

Smart speakers can also be used to eavesdrop if users download malware hidden in seemingly harmless apps. The Google Play store, for example, is notorious for harboring apps created by shady developers that pose as simple utility programs but actually inject malicious code into devices that can then be used to steal everything from audio recordings to banking data.

4. St. Jude cardiac devices

In 2017, it was discovered that implantable cardiac devices such as pacemakers or defibrillators manufactured by St. Jude could have their transmitters hacked

Using the transmitter, an assailant could deplete a device’s battery, disrupt its rhythm or use it to shock a victim. 

While the exploit was never utilized outside of the research that was done to determine its existence, it highlighted a frightening manner in which criminals could be able to exploit advanced, implanted medical devices to inflict physical harm.

5. Smart TVs

From stealing the passwords you use to access your favorite streaming apps to using your TV’s camera and microphone to snoop on people in their own homes, smart TVs are treasure troves for even unsophisticated hackers. 

While no major hacks via smart TVs have been reported, exploits have been found within them that have the potential to allow someone to have remote control over the set or dip into some of the data that the device collects.

Like the issue with Ring’s security cameras, much of the security surrounding smart TV usage is left up to the user’s discretion which puts many people in a challenging position given that most simply want to watch their favorite shows, not worry about the amount of data that their television is soaking up.

How to improve internet of things security

The fact remains that today’s complex devices and onboard computers still provide criminals with ever more opportunities to steal data.

From Tesla vehicles to baby monitors, any equipment connected to the internet poses a security risk and it largely falls on the consumer to look after their own safety.

Putting obstacles between hackers and your network is the most effective way to stay protected.

Some users create a separate network exclusively for their IoT devices. This network does not exchange information or connect to any devices that harbor or transmit sensitive information. This allows IoT devices to work as needed, but restricts their ability to access critical data or integral computer systems.

Using a VPN can also prop up your network security, as it provides an additional layer of protection between your Internet of Things and any prying eyes.

For the average consumer, strong password hygiene can go a long way. Do not use the same password across multiple devices and only use passwords that are impossible to guess. Make sure that the default username and password that comes installed on any smart device is changed.

Leave no stone unturned, as one compromised device in your home or office can be used to access another, causing a domino effect of security breaches that may eventually lead to complete network access.

Sources

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You might also like

Stay Connected

Must Read

Related News