IoT without security: The Internet of threats
When I recall ten years back – who would have ever imagined that streetlights could turn on and off, utilizing motion sensors complementing the sunrise and sunset? Or that buildings could monitor and fine-tune resource usage and operational expenditure on assets? Or even trash bins sending signals when they are full and need to be picked up for recycling?
This is certainly true as we look at the Internet of Things (or IoT) changing cities, healthcare, industries, and even our homes. This will continue to progress over the next decade.
IoT devices are designed to connect to a network and each other. While they provide us with a broad new set of capabilities, they also introduce many potential security vulnerabilities. Every connected IoT device requires protection and management as new security issues are detected. The total number of IoT connections will be 24 billion in 2025, according to GSMA Intelligence 2020. We have increased efficiency, improved communication, and greater productivity, but it comes with its fair share of security risks.
While they provide us with a broad new set of capabilities, they also introduce many potential security vulnerabilities. Every connected IoT device requires protection and management as new security issues are detected. The total number of IoT connections will be 24 billion in 2025, according to GSMA Intelligence 2020. We have increased efficiency, improved communication, and greater productivity, but it comes with its fair share of security risks.
There were 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of 2019, compared with just 12 million attacks in the first half of 2018.
Automation in the Internet of Things includes all the information, intelligence, and intercommunication that can be leveraged by nefarious people who exploit that information for their own malicious purposes. Let us go through the main threats to IoT security:
- Network hacks: When the IoT devices are compromised via the network they are connected to, it leads to network hacks. Hackers can gain control of the device and operate it. For example, the hacker might take control of a device in an autonomous vehicle and trigger a crash.
- Distributed Denial of Service (DDoS) attacks: In this type of attack, devices are manipulated to send many messages at a time to overwhelm the IoT network and trigger a shutdown. This type of attack is used by hackers to create a traffic jam, preventing necessary information from getting through to its destination.
- Malware threats: Hackers use malware to either turn IoT devices into "botnets" that send out more malware or contribute to DDoS attacks. Sometimes they use malware to simply freeze the IoT devices, which is called bricking. Since IoT is getting more and more popular, many hackers have begun developing high-level software specifically designed to attack smart devices.
Here are few examples of actual IoT cyber threats in recent times:
- More than 3.7 million IoT devices, including doorbells with webcams, baby monitors, and surveillance cameras, were found vulnerable to attackers via two insecure communications protocols.
- A new strain of the Mirai botnet was found attacking particular versions of IP cameras, routers, and smart TVs.
Communication service providers (CSPs) are growing their business revenue and making big gains with IoT. But flawed security can put a huge dent in their revenue projections. If they want to maximize the monetization potential of IoT, they will need to focus more on secure IoT device management and take bold, proactive steps. In short, they must make IoT security a key differentiator in their offerings along with IoT device management and connectivity.
As cyberattacks are increasing with everything going virtual because of COVID-19, CSPs with the foresight to enable an internet of secure things in the home, city, and healthcare will be in the best position to maximize revenue opportunities as IoT becomes mainstream.