February 19th, 2021 Read Time: 6 minutes
The Electric Helpdesk is comprised of experienced IT Professionals with the knowledge and expertise to solve any IT Support question one may have.
Subscribe to our blog and stay up to date
With about 127 devices hooking up to the internet for the very first time every second , there is adequate reason to believe that the Internet of Things (IoT) is growing at an unimaginable scale. As if that isn't enough, research shows that by the end of 2021, there will be an estimated 35.82 billion (the current world population is about 8 billion) IoT devices globally, and this number will be more than double by 2025. This makes IoT among the most versatile technologies we have in existence today.
Simply put, IoT (or Internet of Things) refers to billions of physical devices connected to the internet around the world, all gathering and sharing data among themselves. What distinguishes IoT from the typical internet is that these devices don't rely on human intervention to function. A set of sensors attached to the IoT devices independently collect, analyze, process and finally communicate real-time information with other devices through the mighty internet. This makes the world's fabric smart, responsive, and unbelievably merges our physical universe with digital space.
The internet is ubiquitous, causing network connections to grow exponentially across the globe. Coupled with the diversity of connected devices, Internet of Things continues to be amazingly scalable and adaptable.
For instance, the extension of IoT in industries (known as industries internet of things — IIoT) is revolutionizing workflows and industrial processes. Therefore, scores of industries that previously were left out are increasingly adopting this technology, enabling them to be competitive in the ever-changing business and technology environment. These industries comprise healthcare, automotive, aerospace, smart homes, agriculture, etc.
However, the puzzling issue about the Internet of Things is the cybersecurity risks associated with it. IoT adoption continues to stance significant cybersecurity threats to areas that previously were considered out of reach by cybercriminals.
The introduction of IoT devices in offices and manufacturing industries poses vulnerabilities to critical systems such as the organization's intranet, database servers, and manufacturing machinery. Additionally, criminals can now have access to smart home systems by exploiting susceptibilities within smart home devices. Besides, IoT can negatively impact the environment when attacks target devices in smart toilets and smart coffee machines
The four characteristics that make IoT have so much influence on cyber risks including the ability to gather and share robust data, the interconnection of the virtual and physical environment, the creation of a complex environment, and the centralization of IoT systems' architecture. The OWASP (Open Web Application Security Project) summarizes various IoT areas in IoT systems and applications with a high likelihood of threats and vulnerabilities. They include:
Device memory, firmware, network services, and physical & web interfaces are among the parts where security weaknesses may exist. Attackers also exploit gaps in insecure default settings, obsolete components, and unreliable updating mechanisms of various IoT devices.
Communication or Sharing Channels
IoT's power is undeniably in its capability to share real-time data, but then attacks can be launched from within these communication networks. Various protocols used to transfer data from one device to another can have undetected security exposures that criminals use to jeopardize systems.
Applications and Software
Cybercriminals continuously monitor software and applications used in IoT devices such as web apps to exploit any security loopholes. This especially happens when application or software updates meant to close these gaps are not installed on time or ignored.
When it comes to Internet of Things Security, you can never be too careful. Here is a list of the many ways someone could launch a cyber attack against your Internet of Things devices.
Distributed Denial of Service (DDoS) attack: This happens when a botnet is used, causing scores of devices to request service simultaneously and recursively, causing the system to shut down due to exhaustion of resources to serve all these requests.
Physical attacks: Some cybersecurity risks arise if criminals can physically access the IoT devices. Therefore, it's supreme to ensure that all your Internet of Things devices are located in a secured area that's inaccessible to assailants whose aim is, for example, to insert a USB to spread malware.
Firmware hijack: If you don't keep track of the devices to ensure they're up-to-date with the latest firmware releases, you're up for unforeseen cyberattack.
Encryption susceptibilities: Attackers can sniff data when transferring it using unencrypted devices and channels and use the stolen credentials to launch attacks.
Man-in-the-middle: This is where a hacker breaches communication between two connected systems, consequently redirecting the wrong data. In the process, the recipient falls for the tricks by believing that they're receiving legitimate info, causing them to expose critical authorization details to the attacker (man-in-the-middle).
RF jamming: Cybercriminals can interfere with radio frequency parts of the IoT devices hindering wireless communication.
Home intrusion: One of the causes smart homes are still not considered idealistic is the huge threats they pose if attackers gain unauthorized access to the home's system.
Brute Force attacks: Just like other areas that use this method to crack passwords, IoT suffers from hackers trying to guess the password by using powerful software to generate multiple possible password guesses.
Ransomware: The trend of infecting IoT with ransomware (a malware that locks access to the device/system) and then requesting large sums of money to unlock is expected to intensify and continue in 2021 and behold.
Other Internet of Things cyber attacks include eavesdropping, privilege escalation, and privacy leakages. It's important to understand that the question is not if but when; therefore, securing IoT devices and systems is a priority in 2021 cybersecurity trends.
The Dyn Attack (popularly known as The Mirai Botnet)
October 2016 marked the launch of the most known significant DDoS attack against Dyn (a service provider) using an IoT botnet. Famous platforms such as Twitter, the Guardian, Netflix, Reddit, and CNN shut down due to this attack. An already Mirai infected computers were used to continually search the internet for vulnerable IoT devices and subsequently use the known default authentications to log in, infecting them with the same malware called Mirai.
Hackable Cardiac Devices from St. Jude
In 2017, CNN featured a story where the FDA had established that St. Jude Medical's cardiac devices had Internet of Things security ambiguities that potentially could be used by hackers to gain access into the device. "Once in, they could drain the battery or administer incorrect pacing or shocks," the FDA said.
The Jeep Hack
Cars manufacturers continue to integrate IoT devices in new models. But this 2015 story by IBM security intelligence might get you thinking about the kind of uncertainty these devices can bring into everyday life. The team at IBM was able to remotely take complete control of the CAN bus of a Jeep SUV. They established they could successfully accelerate, decelerate, and even veer the vehicle off the road by exploiting a security gap in the device's firmware update.
IoT is an excellent emerging technology that promises a bright future in all areas of life, business, and industrial processes. However, as you look forward to introducing (if already you don't own any) Internet of Things systems to your business or company, make cybersecurity your number one priority. This way, you'll be prepared to dislodge any attack and stay at the top with compliance and competition.
Electric’s commitment to architecting IT infrastructure security starts at the core of your business. That's why we unify security at the device, application, and network levels. Contact us to learn more.