IoT

IoT Future Fail

IoT (Internet of Things) – is the Internet working of physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.
In simple terms IoT can be a thermostat, or web-cam or even baby monitor you have that can be connected to the INTERNET and accessed remotely. Many people have started to install them at their homes, some of it is to help them feel more secure when they are away, others want to be able to control parts of the home from other parts of the home and still others are just getting caught up on the hype of having them installed in their home. For whatever reason, good or bad, they have become more and more integrated into our lives. Sadly, security for them is not very high on the minds of the people creating them.

IoT devices are becoming a major target for attacks and gathering information by attackers including governments, about you and your family. Connecting to your web-cam and spying on you or play around with your thermostat is just a small sample of what can be done. The biggest problem is what is called bot-nets and the attacks that can be implemented with them. The codes to create them are freely available to anyone. The most dangerous attack is called a DDoS or a Distributed Denial of Service attack. This is where they connect to hundreds or even thousands of IoT devices and redirect the feed to a single device or location. There is so much junk traffic going to one location that it will effectively overwhelm the site and make it unreachable, thereby kicking it off the Internet. Not good for you if it’s your site or not good for others knowing that your IoT device is open to be attacked.

Some ways it is not unexpected for a device that may only cost twenty or thirty dollars, but even devices that cost over two hundred dollars are open to such attacks. There is too little thought about security issues. The idea is that if it is only a consumer device, there is no reason to spend the money on it. Cost consideration plays deeply into the bottom lines of many of the company that make the devices. Some of the biggest issues are well known user id’s and passwords that are never changed when installed. It can be hard to change the password on the devices and some have no option to change them at all. This is not to say you should not use the devices if they will be useful for you, by all means use them. However, if installed make sure you at least do a little security on them and change the passwords, if they cannot be changed then do not buy them. If the company is aware that the lack of security is the reason people are not buying or gets bad publicity over the lack of security, that will get the company’s attention. It is true that you will need to do some research into the device you are planning on purchasing, but with a little effort, you can help everyone be more secure, including yourself. Think of it this way, would you want someone you do not know, to connect to your web-cams and watch your family without your knowledge? Thieves would also know when no one is home or on vacation.
Take the extra time and effort to look for IoT devices that can be secured and have the possibility to be secured if a flaw is found in them. Make sure you change the passwords on the devices and if possible change the login names as well to make it more difficult for people to guess the access. Again do your research and ask questions about what you are looking to get. If the questions don’t seem helpful ask again or look for other devices. Yes it is work, but in the long run everyone will benefit from it. Lets try and end the IoUT (Internet of Unpatchable things) for all time

Thanks