The internet of things, or the internet of insecure things, is a rapidly growing monster that seems to have taken over the industry. The IoT is a security professional’s worst nightmare: it consists of quickly made, web-based technology where security is just an afterthought. Below are the top five reasons any security professional should cringe at the internet of things.
- Always Connected: Since many of these devices are tablets and phones, which are meant to be on the go, website developers had to adapt and create additional viewing options specifically for this purpose. The end result is poorly made code that leaves the IoT devices open to cross-site scripting, poor session management and weak credentials. This gives hackers a whole new playground to reinvent old techniques.
- Concerns around Privacy: With new technology arising at such a fast rate, it is tough to judge whether these new devices are secure. There are devices that track your footsteps and heart rate, and even some that control the locks in your house. Having all of these conveniences is nice, but not at the cost of your personal privacy. A lot of these devices have outdated security or none at all, making them vulnerable to anyone who wants to find out more about you.
- Authorization and Authentication are Obsolete: Continuing with the above devices, most of them (if not all) have no authentication to determine who is accessing the device. With most wearable devices, to access the device information you would simply need to have access to the device itself and push one button to view information like footsteps, heart rate and even calories consumed. You may be thinking “who cares”, but remember that an attacker takes their time gathering bits of information to learn as much about you as possible in order to deploy a zero-day attack when you least expect it.
- Encryption is a Bust: Almost all internet of things devices have no encryption on them at all. If they do, it is an outdated form that is easily cracked with old strategies. The object of these new devices is to get you the information as fast as possible; for most, encryption just gets in the way and slows things down.
- Downloading Insecure Software Made Easy: With a lot of the cell phones out today, it is easy for an intruder to get a bot or malware onto a person’s machine. By simply sending a malicious picture message file to a large number of phone numbers, everyone who has the auto-open feature turned on for text messages will instantly download the malware without even knowing it.
If the above points concern you, then you had no idea how insecure these devices are. Having awareness is the first big step. You can still use these cool new devices and tools to better your everyday life, but being aware of what vulnerabilities your devices have is a huge advantage in staying ahead of the curve. Overall, remember to set up the device's security settings to the fullest and keep an ear open for the newest threats that could affect your particular device.