The Hackers love the Internet of Things
We're rapidly entering a new phase of technological evolution, in which pretty much everything around us is connected to the internet.
15:45 07 December 2017
The term used to describe this increasingly connected ecosystem is the Internet of Things (IoT), and it’s attracting the biggest names in tech, from Apple to Samsung and everyone in between.
If the tech pundits are right, everything from toasters to light bulbs will soon have internet functionalities.
While connected technology provides a plethora of new and exciting possibilities, it also brings challenges – and the biggest challenges of all involve security. Any internet-enabled device is potentially vulnerable to attack from hackers – so imagine the risks when virtually every object and appliance we use is connected.
Much of the tech-using public remains unaware of such threats, despite repeated warnings from governments and industry bodies; according to Canonical, the company behind operating system Ubuntu, around half the British population is unaware that connected devices can be hacked.
Yet the dangers are all-too real. From taking control of connected cars to using everyday appliances such as fridges as to launch catastrophic cyber attacks, hackers are taking advantage of the IoT big time.
One industry that’s been quick to seize on the potential offered by the internet of things is motor manufacturing. Car makers are increasingly launching models that sport internet-enabled infotainment systems and hubs, and driverless cars aren't far behind. But while the connected car industry is booming, the road ahead is far from smooth.
Last year the FBI teamed up with the US Department of Transportation and the National Highway Traffic and Safety Administration to warn people about cyber security threats to cars. This followed a controlled experiment by two hackers, who were able to compromise a Jeep Cherokee while it was travelling at 70mph by turning the steering wheel and applying the brakes remotely. If this were to happen in the real world, lives could be put at risk. Manufacturers of autonomous and connected vehicles, and consumers, need to be aware of the security implications. It may be possible that cars are held to ransom by hackers, and sabotaged or used in cyber attacks.
As well as hacking into computer systems to cause chaos, cyber criminals are increasingly attempting to exploit connected gadgets such as Wi-Fi routers, webcams, smart thermostats and wearables to launch wide-scale attacks on companies and organizations.
Mirai is a popular form of malware among hackers, offering the ability to turn systems into botnets to initiate network compromises. In September 2016, hackers used 152,000 consumer IoT devices to initiate a distributed denial of service (DDoS) attack on French company OVH. They were able to inundate the company with 1Tbps of traffic, causing mayhem for customers around the world. Consumers and their devices have essentially become unwitting accomplices in cyber attacks, and there’s nothing stopping this from happening again. Paul McEvatt, senior cyber threat intelligence manager predicts that we’ll see more. McEvatt blames manufacturers for these issues. “The issue is that manufacturers are failing to implement robust security controls from the outset, whether that’s for routers, smart devices or connected cars,” he adds.
No device is safe
The internet of things industry is expanding exponentially, with consumers flocking to the shops to get their hands on the latest connected tech. Cyber criminals see this as a lucrative opportunity, as in most cases consumer-ready hardware can be relatively easy to hack.
According to recent research research, hundreds of millions of internet-connected devices are vulnerable to attacks from cybercriminals. Nick Shaw, vice president and general manager for antivirus software maker Norton, says common devices such as smart TVs, home security systems and baby cameras are all hackable, and can be exploited as botnets, or for ransomware and fraud.
Shaw adds that consumers can reduce the risk of their devices being hacked by change the default device credentials, disabling unused services, modifying the privacy settings of the device and ensuring firmware is up to date.
The internet of things is still in a state of relative infancy, and as it continues to expand and evolve it’s likely that the security threats it brings with it will become more complex and widespread.
There’s now an urgent need for manufacturers and other organizations to develop safeguards to stop hackers in their tracks – and we can all play our part by exercising a little common sense to reduce the chances that we, and our IoT devices, will be the next victims.