dcsimg

Top 10 IoT Security Threats

  • Top 10 IoT Security Threats

    IoT
    Hackers have already proven that many of these IoT security attacks are possible.
  • 1. Botnets and DDoS Attacks

    Printers and other devices

    Many people in the general public first became aware of IoT security threats when they heard about the Mirai botnet in September 2016. By some estimates, Mirai infected approximately 2.5 million IoT devices, including printers, routers and Internet-connected cameras. The botnet creators used it to launch distributed denial of service (DDoS) attacks, including an attack against cybersecurity blog KrebsonSecurity. Essentially, the attackers used all the devices infected with Mirai to attempt to connect to the targeted website at the same time, in the hopes of overwhelming the servers and preventing anyone from reaching the site.

    Since Mirai first made news, attackers have launched other IoT botnet attacks, including Reaper and Hajime. Experts say more such attacks are likely in the future.

  • 2. Remote Recording

    Smartphone taking video

    The possibility that attackers could hack into IoT devices and record the owners without their knowledge came to light not as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA). Documents divulged by WikiLeaks implied that the spy agency knew about dozens of zero-day exploits for IoT devices but did not disclose the bugs because they hoped to use the vulnerabilities to secretly record conversations that would reveal the activities of US adversaries. The documents pointed to vulnerabilities in smart TVs, as well as Android and iOS smartphones. The obvious implication is that criminals could also be exploiting these vulnerabilities for nefarious purposes.

  • 3. Spam

    Kitche with smart refrigerator

    In January 2014, one of the first-ever known attacks involving IoT devices used more than 100,000 Internet-connect devices, including TVs, routers, and at least one smart refrigerator to send 300,000 spam emails per day. The attackers sent no more than 10 messages from any one device, making it very hard to block or pinpoint the origin of the attack.

    This early attack was far from the last. IoT spam attacks were continuing last fall with Linux.ProxyM IoT botnet.

  • 4. APTs

    Power lines

    In recent years, advanced persistent threats (APTs) have become a major concern for security professionals. APTs are highly capable attackers, such as nation-states or corporations, that launch sophisticated cyberattacks that are difficult to prevent or mitigate. For example, the Stuxnet worm that destroyed Iranian nuclear centrifuges and the 2014 Sony Pictures hack have been attributed to nation-states.

    As more critical infrastructure gets connected to the Internet, many experts warn that APTs could launch an IoT attack targeting the power grid, industrial control systems or other Internet-connected systems. Some have even warned that terrorists could launch an IoT attack that could cripple world economies.

  • 5. Ransomware

    Bitcoin

    Ransomware has become all too prevalent on home PCs and corporate networks. Now experts say it is just a matter of time before ransomware attackers start locking up smart devices. Security researchers have already demonstrated the ability to install ransomware on smart thermostats. They could, for example, turn up the heat to 95 degrees and refuse to turn it back to normal until the owner agreed to pay a ransom in Bitcoin. They might also be able to launch similar attacks against connected garage doors, vehicles or even appliances. How much would you pay to unlock your smart coffee pot first thing in the morning?

  • 6. Data Theft

    Laptop PC with data on screen

    Obtaining sensitive data, such as customer names, credit card numbers, social security numbers and other personally identifiable information, continues to be one of the primary goals of cyberattacks. And according to the Ponemon Institute, the average data breach costs companies $3.62 million, or about $141 per record stolen. IoT devices represent a whole new attack vector for criminals looking for ways to invade corporate or home networks. For example, if an improperly secured IoT device or sensor is connected to enterprise networks, that could give attackers a new way to enter the network and potentially find the valuable data they are looking for.

  • 7. Home Intrusions

    House

    As smart locks and smart garage door openers become more commonplace, it also becomes more likely that cybercriminals could become real-world thieves. Home systems that are not properly secured could be vulnerable to criminals with sophisticated tools and software. Disturbingly, security researchers have demonstrated that it is fairly easy to break into smart locks from several different manufacturers, and smart garage doors don't seem to be much safer.

  • 8. Communicating with Kids

    Child with stuffed toy

    One of the most disturbing stories of IoT security gone wrong involved hacking a baby monitor. One couple discovered that a stranger had not only been using their baby monitor to spy on their three-year-old son, that stranger had also been speaking with their child over the device. The mother heard an unknown voice say, "Wake up little boy, daddy's looking for you," and the child said that he was scared because someone was talking to him over the device at night.

    As more children's gear and toys become connected to the Internet, it seems likely that these frightening scenarios could become more commonplace.

  • 9. Remote Vehicle Control

    Jeep

    As vehicles become smarter and gain connections to the Internet, they also become vulnerable to attack. Hackers have shown that they could take control of a Jeep, setting the air conditioning to maximum, changing the radio station, starting the wipers and eventually slowing the vehicle to a stop. The news led to a recall of 1.4 million vehicles, but the white-hat researchers behind the original exploit said that they found additional vulnerabilities that weren't addressed by the patch Chrysler applied to the recalled vehicles. Although experts say that the auto industry is doing a better job of securing vehicles, it's almost certain that attackers will find new vulnerabilities in connected cars.

  • 10. Personal Attacks

    Vice President Dick Cheney

    Sometimes the IoT encompasses more than just things — it can also include people who have connected medical devices implanted in their bodies. An episode of the television series Homeland featured an assassination attempt that targeted an implanted medical device, and former Vice President Dick Cheney was so worried about such a scenario that he had the wireless capabilities on his implanted defibrillator disconnected. This type of attack hasn't happened in real life yet, but it remains a possibility as more medical devices become part of the IoT.

  • 1 of

Top 10 IoT Security Threats

  • 1 of
  • IoT

    Top 10 IoT Security Threats

    Hackers have already proven that many of these IoT security attacks are possible.
  • Printers and other devices

    1. Botnets and DDoS Attacks

    Many people in the general public first became aware of IoT security threats when they heard about the Mirai botnet in September 2016. By some estimates, Mirai infected approximately 2.5 million IoT devices, including printers, routers and Internet-connected cameras. The botnet creators used it to launch distributed denial of service (DDoS) attacks, including an attack against cybersecurity blog KrebsonSecurity. Essentially, the attackers used all the devices infected with Mirai to attempt to connect to the targeted website at the same time, in the hopes of overwhelming the servers and preventing anyone from reaching the site.

    Since Mirai first made news, attackers have launched other IoT botnet attacks, including Reaper and Hajime. Experts say more such attacks are likely in the future.

  • Smartphone taking video

    2. Remote Recording

    The possibility that attackers could hack into IoT devices and record the owners without their knowledge came to light not as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA). Documents divulged by WikiLeaks implied that the spy agency knew about dozens of zero-day exploits for IoT devices but did not disclose the bugs because they hoped to use the vulnerabilities to secretly record conversations that would reveal the activities of US adversaries. The documents pointed to vulnerabilities in smart TVs, as well as Android and iOS smartphones. The obvious implication is that criminals could also be exploiting these vulnerabilities for nefarious purposes.

  • Kitche with smart refrigerator

    3. Spam

    In January 2014, one of the first-ever known attacks involving IoT devices used more than 100,000 Internet-connect devices, including TVs, routers, and at least one smart refrigerator to send 300,000 spam emails per day. The attackers sent no more than 10 messages from any one device, making it very hard to block or pinpoint the origin of the attack.

    This early attack was far from the last. IoT spam attacks were continuing last fall with Linux.ProxyM IoT botnet.

  • Power lines

    4. APTs

    In recent years, advanced persistent threats (APTs) have become a major concern for security professionals. APTs are highly capable attackers, such as nation-states or corporations, that launch sophisticated cyberattacks that are difficult to prevent or mitigate. For example, the Stuxnet worm that destroyed Iranian nuclear centrifuges and the 2014 Sony Pictures hack have been attributed to nation-states.

    As more critical infrastructure gets connected to the Internet, many experts warn that APTs could launch an IoT attack targeting the power grid, industrial control systems or other Internet-connected systems. Some have even warned that terrorists could launch an IoT attack that could cripple world economies.

  • Bitcoin

    5. Ransomware

    Ransomware has become all too prevalent on home PCs and corporate networks. Now experts say it is just a matter of time before ransomware attackers start locking up smart devices. Security researchers have already demonstrated the ability to install ransomware on smart thermostats. They could, for example, turn up the heat to 95 degrees and refuse to turn it back to normal until the owner agreed to pay a ransom in Bitcoin. They might also be able to launch similar attacks against connected garage doors, vehicles or even appliances. How much would you pay to unlock your smart coffee pot first thing in the morning?

  • Laptop PC with data on screen

    6. Data Theft

    Obtaining sensitive data, such as customer names, credit card numbers, social security numbers and other personally identifiable information, continues to be one of the primary goals of cyberattacks. And according to the Ponemon Institute, the average data breach costs companies $3.62 million, or about $141 per record stolen. IoT devices represent a whole new attack vector for criminals looking for ways to invade corporate or home networks. For example, if an improperly secured IoT device or sensor is connected to enterprise networks, that could give attackers a new way to enter the network and potentially find the valuable data they are looking for.

  • House

    7. Home Intrusions

    As smart locks and smart garage door openers become more commonplace, it also becomes more likely that cybercriminals could become real-world thieves. Home systems that are not properly secured could be vulnerable to criminals with sophisticated tools and software. Disturbingly, security researchers have demonstrated that it is fairly easy to break into smart locks from several different manufacturers, and smart garage doors don't seem to be much safer.

  • Child with stuffed toy

    8. Communicating with Kids

    One of the most disturbing stories of IoT security gone wrong involved hacking a baby monitor. One couple discovered that a stranger had not only been using their baby monitor to spy on their three-year-old son, that stranger had also been speaking with their child over the device. The mother heard an unknown voice say, "Wake up little boy, daddy's looking for you," and the child said that he was scared because someone was talking to him over the device at night.

    As more children's gear and toys become connected to the Internet, it seems likely that these frightening scenarios could become more commonplace.

  • Jeep

    9. Remote Vehicle Control

    As vehicles become smarter and gain connections to the Internet, they also become vulnerable to attack. Hackers have shown that they could take control of a Jeep, setting the air conditioning to maximum, changing the radio station, starting the wipers and eventually slowing the vehicle to a stop. The news led to a recall of 1.4 million vehicles, but the white-hat researchers behind the original exploit said that they found additional vulnerabilities that weren't addressed by the patch Chrysler applied to the recalled vehicles. Although experts say that the auto industry is doing a better job of securing vehicles, it's almost certain that attackers will find new vulnerabilities in connected cars.

  • Vice President Dick Cheney

    10. Personal Attacks

    Sometimes the IoT encompasses more than just things — it can also include people who have connected medical devices implanted in their bodies. An episode of the television series Homeland featured an assassination attempt that targeted an implanted medical device, and former Vice President Dick Cheney was so worried about such a scenario that he had the wireless capabilities on his implanted defibrillator disconnected. This type of attack hasn't happened in real life yet, but it remains a possibility as more medical devices become part of the IoT.

The Internet of Things (IoT) may be introducing a lot of benefits to modern life, but it also has one huge drawback: security threats.

In its 2018 IoT Predictions, Forrester Research noted, "Security vulnerabilities are a significant worry for firms deploying IoT solutions – in fact, it’s the top concern of organizations looking at deploying IoT solutions. However, most firms don’t consistently mitigate IoT-specific security threats and business pressures overwhelm technology security concerns."

The IoT security risks could be even more significant on the consumer side, where individuals are often unaware of the potential threats and what they should be doing to mitigate them. A 2017 survey on The State of IoT Security sponsored by security vendor Gemalto found that only 14 percent of the consumers surveyed considered themselves knowledgeable about IoT security. That number is especially concerning given that 54 percent of respondents owned an average of four IoT devices.

And those IoT security threats aren't merely theoretical. Hackers and cybercriminals have already found ways to compromise many IoT devices and networks, and experts say successful attacks are likely to increase. Forrester has predicted, "In 2018, we’ll see more IoT-related attacks . . . except they’ll grow bigger in scale and impact."

What type of IoT security threats will enterprises and consumers face in 2018? Based on historical precedent, here are ten of the most likely types of attacks.

Images from Pixabay

Submit a Comment

Loading Comments...