The Internet of Things can enable your smart refrigerator to order a new carton of milk for you, but it can also allow cyber criminals to hack internet-connected baby monitors, compromise smart cars, and even shut down most of the East Coast’s internet access. And cyber criminals are definitely aware of this vulnerability -- IBM reported that criminal IoT compromises have exploded by 600% this year. But if IoT products are more popular than ever right now, why aren’t vendors scrambling to fix their products’ security issues? And since consumers can’t change these predictable credentials, hackers can easily guess their devices’ passwords. Current and Future IoT Security Threats For now, the Internet of Things is relatively secure. IoT devices are already commonplace, and soon, almost every business that sells household devices will connect their products to the internet. How Companies Can Protect their Customers from IoT Security Threats In 2017, the U.S. Government passed the Internet of Things Cybersecurity Improvement Act, which sets security standards for IoT devices that vendors can sell to the U.S. Government. How Consumers Can Protect Themselves from IoT Security Threats 1. To protect your devices and data, use a password manager like LastPass to generate a random password for each of your IoT devices -- they’re nearly impossible to crack. If a cybercriminal hacks your home network, you don’t want them to be able to access even more of your personal data, like information about your work.
The Internet of Things can enable your smart refrigerator to order a new carton of milk for you, but it can also allow cyber criminals to hack internet-connected baby monitors, compromise smart cars, and even shut down most of the East Coast’s internet access.
IoT devices like Fitbits, pet trackers, and smart TVs all make your life easier and more convenient. But since these devices store your personal data and communicate with a lot of other internet-connected devices, your privacy is more vulnerable than ever before.
The Internet of Things is notorious for having weak security, even though the technology harbors some extremely sensitive information. And cyber criminals are definitely aware of this vulnerability — IBM reported that criminal IoT compromises have exploded by 600% this year.
But despite the technology’s major security risks, Gartner expects consumers to possess over twice as many IoT devices in 2020 as they do today, increasing the number of world-wide IoT devices from 11 billion to 26 billion.
It’s clear that IoT devices’ convenience and savings prompt consumers to keep buying them, despite their associated risks. But if IoT products are more popular than ever right now, why aren’t vendors scrambling to fix their products’ security issues?
Revenue Trumps Security
The rush to release products in the booming IoT market is similar to the personal computer craze in the mid-90s. Businesses wanted to reap the rewards of selling computers that had their own software and operating systems before they missed out on a massively profitable opportunity.
To quickly develop these new personal computers, release them, and, ultimately, cash in on them, they decided to put their computers’ serious security issues on the back-burner. They could worry about them after they made enough money.
But making security an afterthought placed an enormous amount of risk on these businesses’ customers. Viruses, worms, and spam could easily infect their computers’ software and operating systems, allowing cyber criminals to infiltrate people’s personal computers and steal their data.
In the flourishing IoT market, which is bolstered by a forecasted global market value of $1.7 trillion in 2019, businesses are also scrambling to enter before it’s too late. Unfortunately, though, one of the fastest and cheapest ways for companies to develop and release IoT products is by turning a blind eye to the strength of their devices’ security. Building strong security into IoT products is expensive, could hamper the devices’ speed and abilities, and would slow down their development and release.
IoT vendors can gloss over their devices’ security in various ways, but one of the most fixable problems they have is hard-coding weak usernames and passwords into their products. This means they permanently assign incredibly predictable credentials, like “admin” or “12345” to their customers’ IoT devices. In fact, cyber security researchers at Symantec discovered that over 60% of IoT devices’ passwords last year were “admin” or “12345”. And since consumers can’t change these predictable credentials, hackers can easily guess their devices’ passwords.
Another reason why IoT vendors want to develop and release their products so quickly is that it allows them to collect as much consumer data as possible. Gathering hoards of this precious information will help businesses improve their IoT devices and generate more revenue in the future.
The fate of IoT is worrisome, to say the least, and its wobbly security naturally begs the question: what are the current and future risks of such an insecure technology?