Skip to main content

The Internet of Things (IoT) has revolutionized how we interact with our surroundings, making life more convenient and efficient. IoT devices connect everyday objects to the internet, allowing us to control our homes, monitor our health, and even track our belongings. However, this interconnectivity comes at a cost: the exponential growth of IoT devices has led to increased cybersecurity risks. In this article, we will discuss trends in IoT and their implications on the cybersecurity landscape, and ponder whether the convenience provided by IoT is worth the security trade-offs. 

The concept of IoT can be traced back to the 1980s, but it wasn't until the early 2000s that IoT devices began to gain widespread adoption. In the early days of IoT, security was often an afterthought and the focus was on getting a working product out the door. However, as IoT devices have proliferated, the risks associated with their widespread use have become more apparent.

I was at a Defcon event about a decade ago and I remember the “Wall of Sheep” where they would be scanning all the devices connecting to the conference center Wi-Fi and any connection that wasn’t secured (SSL) could be read over the signal and they would publish the logins captured. 

This definitely wouldn’t fly at Blackhat

In 2016, the Mirai botnet targeted IoT devices, turning them into an army of bots that could launch powerful Distributed Denial of Service (DDoS) attacks using victims IP cameras and DVRs at times when they weren’t in use. This served as a wake-up call for the industry, highlighting the importance of implementing strong security measures for IoT devices. 

Over the years, the IoT landscape has evolved, and so have the associated cybersecurity threats. We have witnessed several key trends shaping the IoT cybersecurity landscape: 

  • Increased Attack Surface: With more IoT devices being deployed, the attack surface for cybercriminals has expanded. Cybercriminals now have more entry points to exploit and can use these devices to launch devastating attacks on networks and systems. 
  • Consumer Demand for Convenience: Consumers demand convenience and ease of use from their IoT devices, which often leads to security being overlooked. Many devices come with default passwords, making them vulnerable to unauthorized access and attacks. In addition, users often prioritize convenience over security, choosing to bypass recommended security practices such as two-factor authentication or regular software updates. 
  • Sophisticated Cybercriminals: Cybercriminals are becoming more skilled, utilizing advanced techniques to target IoT devices. As IoT devices become more interconnected and integrated into critical infrastructure, the potential impact of a successful cyberattack becomes even more severe. I remember being at the Bellagio hotel in Vegas for a Blackhat/Defcon conference and the smart thermostat device for the fish tank was how hackers breached the network and then Rick Rolled the PA system. 
  • Emergence of IoT-specific Malware: Cybersecurity threats are increasingly tailored to exploit IoT devices. Examples include the Mirai botnet, which specifically targeted IoT devices, and VPNFilter malware, which infected routers and network-attached storage devices. IoT-specific malware is expected to continue evolving, posing a significant challenge to security. 

 

Convenience vs Security: Striking the Balance 

The adoption of IoT devices undoubtedly brings convenience and efficiency, but this comes with inherent security risks. The question remains: Is the convenience offered by IoT devices worth the potential cybersecurity threats they pose? 

In our opinion, the answer is both yes and no. 

Yes, because the benefits of IoT are undeniable. IoT devices have the potential to revolutionize industries, optimize resources, reduce costs, and improve the overall quality of life. From smart cities to connected healthcare, IoT is transforming how we live and work. 

However, the answer is also no, because the current state of IoT security is far from ideal. The lack of standardization in IoT security, combined with the ever-increasing complexity of IoT ecosystems, means that securing these devices is an uphill battle. This challenge is further exacerbated by the rapid pace of IoT development and the sheer volume of devices being deployed.

 

This compounds even further when many of these devices are pointless and are just for “smart” fad sake.

 

To fully harness the potential of IoT without compromising security, we must strike a balance between convenience and security. The following measures could help in achieving this goal: 

  • Security by Design: IoT manufacturers must prioritize security from the outset, integrating robust security measures into the design and development of their products. This includes secure coding practices, encryption, and regular security updates. 
  • IoT Security Standards and Regulations: The development of comprehensive IoT security standards and regulations is essential. Governments and industry organizations must work together to establish a robust framework for IoT security, ensuring that manufacturers adhere to best practices and that devices are secure by default. This one strikes me as the most difficult as getting the government and regulatory bodies up to speed is always a struggle.
  • Consumer Education and Awareness: Consumers play a vital role in IoT security. Educating users about the importance of security, the risks associated with IoT devices, and the steps they can take to protect themselves will go a long way in enhancing the security of IoT ecosystems. 
  • Collaboration Between Stakeholders: Collaboration between all stakeholders in the IoT ecosystem, including manufacturers, service providers, governments, and cybersecurity firms, is critical. Sharing information, resources, and best practices will help to create a more secure environment for IoT devices. 

The IoT revolution has undoubtedly made our lives more convenient and efficient, but it has also introduced significant cybersecurity risks. As we continue to embrace IoT technology, we must prioritize security to mitigate these risks and protect our increasingly interconnected world. 

While the convenience offered by IoT devices is compelling, it is not worth jeopardizing our security. By taking a proactive approach to IoT security, we can strike a balance between convenience and security, ensuring that we reap the benefits of IoT while safeguarding our digital landscape. 

 

References:

Tech enthusiasts: My entire house is smart. Tech workers: The only piece of technology in my house is a printer.

Love this!


Always great work, thanks!


I watched Luther on Netflix recently - and they have a scene of attack through IoT devices (Alexa and the likes of smart devices)

It really does scare me knowing I am a consumer of these devices and that, these attacks are also inhibited in real world scenarios..

I just worry for the countless devices out there which are smart, not utilizing the correct security protocols.

Heck, i’ve got smart bed lamp bulbs and I feel like anyone can tap into those!

(l use a custom router at home to prevent such intrusions, but, you never know what can happen!)


Very good read.

I agree that many IoT devices are most likely not necessary so why take the risk.  Also IoT devices should somehow automatically update as well.


IOT as a potential security risk just fills me with horrors. Half tempted to sling half my home tech out!


For me the dumbest device I’ve come across is a smart refrigerator that will allow you to set/change the temperature settings from your phone. I don’t understand why this is a thing - add a camera so I can see if I’m low on milk, eggs, etc and I’m in, but I have no need to adjust the temperature from a smartphone!


Great article really highlighting the risks of internet connected devices.  Although I knew about the wall of sheep from Defcon, the Thermostat in the fish tank as an access point is crazy to think about,.

More articles on the emerging  standardisation of IoT security would be greatly appreciated.


For me the dumbest device I’ve come across is a smart refrigerator that will allow you to set/change the temperature settings from your phone. I don’t understand why this is a thing - add a camera so I can see if I’m low on milk, eggs, etc and I’m in, but I have no need to adjust the temperature from a smartphone!


Imagine the worst crime you could pull off hacking into a refrigerator…

“Man gets arrested for locking in sub-zero temperature on smart fridge… currently sentenced to death by north pole”


Great Article @TylerM , learn something new everyday!


Great article, very insightful.


I watched Luther on Netflix recently - and they have a scene of attack through IoT devices (Alexa and the likes of smart devices)

It really does scare me knowing I am a consumer of these devices and that, these attacks are also inhibited in real world scenarios..

I just worry for the countless devices out there which are smart, not utilizing the correct security protocols.

Heck, i’ve got smart bed lamp bulbs and I feel like anyone can tap into those!

(l use a custom router at home to prevent such intrusions, but, you never know what can happen!)

Yes. I watched that too. It was rather scary seeing iot devices being used by a serial killing terrorist!


I could understand why people want and why IoT is so successful because i’m really fond of its practical use and technology behind it.

Yet, i don’t have any IoT device at home or at work because i know of the security risk that’s out there. And i’ll never use any IoT that requires any cloud resource to properly work, i prefer hosting my own data.

People need to understand that an unsupervised internet-connected device is just like leaving your front door open with a welcome sign.


People need to understand that an unsupervised internet-connected device is just like leaving your front door open with a welcome sign.

Love this analogy. Describes IoT perfectly! 👍🏻


IoT devices are simultaneously the best and worst thing in a home or business environment.  The convenience of devices like Amazon Echo/Google Home, smart bulbs, smart fridges, etc is incredible, but the security risk of those devices is terrifying.  Always set up a dedicated VLAN for IoT devices when you can!


Great Article. I’m a big fan of IoT devices so this gives me a lot to think about! 


While I find the "convenience" of IoT "necessary" in my life, I do understand and appreciate the security concerns.

In a business environment, our first lines of defense is to isolate by vLAN the external and lateral connectivity of devices, and also running them through a very restrictive Webroot policy for DNS on anything that does need to "reach out and touch someone".

What other tactics and processes are others using?


Thanks for this.  I always laugh that people have advised me that you can’t use an Huawei phone for example, because “China is listening in!!!” but then go home and turn on their Alexa, while putting everything they do on Facebook. There is far too much technology in the home nowadays, but when I say things like that, I just feel old before my time


As always, great work! 


IoT is a potentially huge problem and highlights the need to know what assets are connected to your business network. Device connection policies are a must and network segmentation is a must. Don’t let people connect their personal devices to the main network and don’t put your thermostat on the same segment as your file server.


Excellent Article! cheers @TylerM 

 

Smart vac connected to home network with hard-coded admin creds would be the dumbest, smart IoT device ever ;)  or any IoT with preset and hard-coded credentials, these should be avoided and the manufacturers mocked and shamed til they removed the product….


Great article. Thank you!! 


I’m still waiting for my toilet to be turned into an IoT device.

Too far?

Too far.

 

On a serious note, great read, thank you Tyler. 


I’m still waiting for my toilet to be turned into an IoT device.

Too far?

Too far.

 

On a serious note, great read, thank you Tyler. 

It’s not finished until the Paperwork is done. LOL

https://thenextweb.com/news/toilet-paper-automatic-smart-monitor


I’m still waiting for my toilet to be turned into an IoT device.

Too far?

Too far.

 

On a serious note, great read, thank you Tyler. 

It’s not finished until the Paperwork is done. LOL

https://thenextweb.com/news/toilet-paper-automatic-smart-monitor

Well there are Bidet's I don't know if there any IoT Bidet's? 🤣 https://www.zdnet.com/article/lg-uplus-launches-iot-for-bathrooms-with-wi-fi-bidet-toilet/


Toilet humour… 


Reply