Blog

IoT in the Cybersecurity Landscape: Convenience vs Security

IoT in the Cybersecurity Landscape: Convenience vs Security
Userlevel 7
Badge +25
  • Sr. Security Analyst & Community Manager
  • 1106 replies

The Internet of Things (IoT) has revolutionized how we interact with our surroundings, making life more convenient and efficient. IoT devices connect everyday objects to the internet, allowing us to control our homes, monitor our health, and even track our belongings. However, this interconnectivity comes at a cost: the exponential growth of IoT devices has led to increased cybersecurity risks. In this article, we will discuss trends in IoT and their implications on the cybersecurity landscape, and ponder whether the convenience provided by IoT is worth the security trade-offs. 

The concept of IoT can be traced back to the 1980s, but it wasn't until the early 2000s that IoT devices began to gain widespread adoption. In the early days of IoT, security was often an afterthought and the focus was on getting a working product out the door. However, as IoT devices have proliferated, the risks associated with their widespread use have become more apparent.

I was at a Defcon event about a decade ago and I remember the “Wall of Sheep” where they would be scanning all the devices connecting to the conference center Wi-Fi and any connection that wasn’t secured (SSL) could be read over the signal and they would publish the logins captured. 

This definitely wouldn’t fly at Blackhat

In 2016, the Mirai botnet targeted IoT devices, turning them into an army of bots that could launch powerful Distributed Denial of Service (DDoS) attacks using victims IP cameras and DVRs at times when they weren’t in use. This served as a wake-up call for the industry, highlighting the importance of implementing strong security measures for IoT devices. 

Over the years, the IoT landscape has evolved, and so have the associated cybersecurity threats. We have witnessed several key trends shaping the IoT cybersecurity landscape: 

  • Increased Attack Surface: With more IoT devices being deployed, the attack surface for cybercriminals has expanded. Cybercriminals now have more entry points to exploit and can use these devices to launch devastating attacks on networks and systems. 
  • Consumer Demand for Convenience: Consumers demand convenience and ease of use from their IoT devices, which often leads to security being overlooked. Many devices come with default passwords, making them vulnerable to unauthorized access and attacks. In addition, users often prioritize convenience over security, choosing to bypass recommended security practices such as two-factor authentication or regular software updates. 
  • Sophisticated Cybercriminals: Cybercriminals are becoming more skilled, utilizing advanced techniques to target IoT devices. As IoT devices become more interconnected and integrated into critical infrastructure, the potential impact of a successful cyberattack becomes even more severe. I remember being at the Bellagio hotel in Vegas for a Blackhat/Defcon conference and the smart thermostat device for the fish tank was how hackers breached the network and then Rick Rolled the PA system. 
  • Emergence of IoT-specific Malware: Cybersecurity threats are increasingly tailored to exploit IoT devices. Examples include the Mirai botnet, which specifically targeted IoT devices, and VPNFilter malware, which infected routers and network-attached storage devices. IoT-specific malware is expected to continue evolving, posing a significant challenge to security. 

 

Convenience vs Security: Striking the Balance 

The adoption of IoT devices undoubtedly brings convenience and efficiency, but this comes with inherent security risks. The question remains: Is the convenience offered by IoT devices worth the potential cybersecurity threats they pose? 

In our opinion, the answer is both yes and no. 

Yes, because the benefits of IoT are undeniable. IoT devices have the potential to revolutionize industries, optimize resources, reduce costs, and improve the overall quality of life. From smart cities to connected healthcare, IoT is transforming how we live and work. 

However, the answer is also no, because the current state of IoT security is far from ideal. The lack of standardization in IoT security, combined with the ever-increasing complexity of IoT ecosystems, means that securing these devices is an uphill battle. This challenge is further exacerbated by the rapid pace of IoT development and the sheer volume of devices being deployed.

 

This compounds even further when many of these devices are pointless and are just for “smart” fad sake.

 

To fully harness the potential of IoT without compromising security, we must strike a balance between convenience and security. The following measures could help in achieving this goal: 

  • Security by Design: IoT manufacturers must prioritize security from the outset, integrating robust security measures into the design and development of their products. This includes secure coding practices, encryption, and regular security updates. 
  • IoT Security Standards and Regulations: The development of comprehensive IoT security standards and regulations is essential. Governments and industry organizations must work together to establish a robust framework for IoT security, ensuring that manufacturers adhere to best practices and that devices are secure by default. This one strikes me as the most difficult as getting the government and regulatory bodies up to speed is always a struggle.
  • Consumer Education and Awareness: Consumers play a vital role in IoT security. Educating users about the importance of security, the risks associated with IoT devices, and the steps they can take to protect themselves will go a long way in enhancing the security of IoT ecosystems. 
  • Collaboration Between Stakeholders: Collaboration between all stakeholders in the IoT ecosystem, including manufacturers, service providers, governments, and cybersecurity firms, is critical. Sharing information, resources, and best practices will help to create a more secure environment for IoT devices. 

The IoT revolution has undoubtedly made our lives more convenient and efficient, but it has also introduced significant cybersecurity risks. As we continue to embrace IoT technology, we must prioritize security to mitigate these risks and protect our increasingly interconnected world. 

While the convenience offered by IoT devices is compelling, it is not worth jeopardizing our security. By taking a proactive approach to IoT security, we can strike a balance between convenience and security, ensuring that we reap the benefits of IoT while safeguarding our digital landscape. 

 

References:


57 replies

Userlevel 7
Badge +54

Great article and thank you for posting @TylerM.

 

I personally think that a very large proportion of the IoT are not needed but are instead used for convenience as much as anything.

Userlevel 7

Thanks for the article @TylerM 👍

Userlevel 7
Badge +4

Really good read.

agree that many IoT devices are certainly not necessary so why the risk

Userlevel 7
Badge +8

I have been trying to bring a policy into the smaller business users regarding the IoT of things, but trying to make some people understand the risk can be really hard at times. Its articles such as this that allow me to hand something over, or email, and say READ IT FOR YOURSELF if you don’t believe me!

Love these articles, as they make justifying so many things to the disbelievers so much easier to handle.

 

Userlevel 4

During the pandemic, there was a ‘Folding at Home’ project, essentially donating some processing power from a personal computer to do calculations. I am not too privy in the details, but would this be considered a ‘positive’ version of the hornets you described?

Userlevel 7
Badge +63

Thanks for the info Tyler and I agree with @Jasper_The_Rasper most of the IoT devices are used for convenience and some are just plain dumb…

 

 

 

 

Userlevel 7
Badge +54

Thanks for the info Tyler and I agree with @Jasper_The_Rasper most of the IoT devices are used for convenience and some are just plain dumb…

 

 

 

 

 

Look at it this way @TripleHelix, some people are pretty careful and don’t disclose their info to other people and yet they trust their light bulbs or fridge 100%.

Userlevel 7
Badge +63

Thanks for the info Tyler and I agree with @Jasper_The_Rasper most of the IoT devices are used for convenience and some are just plain dumb…

 

 

 

 

 

Look at it this way @TripleHelix, some people are pretty careful and don’t disclose their info to other people and yet they trust their light bulbs or fridge 100%.

 

 

Userlevel 7
Badge +25

yet they trust their light bulbs or fridge 100%.

 

Userlevel 6
Badge +1

Great article Tyler, interesting read

Userlevel 4

Fantastic read Tyler, great as always. I had no idea IoT was that old, I think I still had a 56k internet line!! 🤣

 Nice article!

As we all know the ‘s’  in iOT stands for Security.

Userlevel 5

Wow, great article....must read.

Very useful.....I actually thought concept Iot was a few years old.

Userlevel 7
Badge +4

@TylerM  great article, thank you. 

Userlevel 7
Badge +4

 Nice article!

As we all know the ‘s’  in iOT stands for Security.

Brilliant……. and very true to the point. 

Userlevel 2

Very insightful read. I have always taken issue with a certain brand starting with an ‘R’, as they have popularized turning security systems into IoT devices.

Userlevel 5

Consumer education and awareness: this is the phrase that most struck me in the article and that I find most in agreement

Userlevel 4

Iot devices should be made so they automatically update. Some do but most of them don’t. 

Userlevel 4

I think it should have been noticed long before the technology was allowed to be used that IoT devices would be inherently insecure and legislation should have been put in place to enforce certain basic security measures on IoT devices.

Userlevel 6
Badge +1

Thank You Tyler. Great article.

Userlevel 3

Thank you for the “brain food”. A very interesting article!

Userlevel 3

Interesting read. awesome article 

Userlevel 2

Great read, thanks :)

Userlevel 2

Tech enthusiasts: My entire house is smart. Tech workers: The only piece of technology in my house is a printer.

Userlevel 2
Badge +4

Check out Corelight @ Home to see what those IoT devices are up to.

https://corelight.com/blog/corelight-at-home

https://go.corelight.com/corelight-at-home

Reply