Is IoT Really That Dangerous?

For 62% of adults in the US who own a connected device, they prefer to work smarter not harder. From Alexa and Apple TVs to appliances and coffee makers, IoT devices are quickly becoming some of the most popular pieces of tech available. Nearly all of these devices are currently connected to the internet at this very moment, as most users opt for the internet-enabled options.

Though the convenience and novelty of connected devices paints an attractive and futuristic picture, this Jetsons-Esque tech has flaws. In the world of IoT, convenience is king and oftentimes security is ignored as a result. As some of the most vulnerable devices to cyber attacks, even detecting a breach can be tricky and the results can be disastrous. Cybercriminals can use your unsecured device to

• steal private data
• interfere with financial transactions
• generate and send malicious emails or spam
• and worst of all, hack into other devices
• some cybercriminals have even been known to “lockdown” entire devices and networks until a ransom has been paid

This could mean worst-case scenario for frequent password reusers, something that most of us have been guilty of at some point.

Concerns over IoT cybersecurity grew so extreme that even the FBI stepped in and issued an official statement from their offices. As a warning to users of IoT devices, the message expressed the unique and oft-overlooked risks of bringing IoT in the home. Even though for many of us Internet security practices are second nature, in the face of trendy and flavorful IoT devices caution is often thrown to the wind. Just a year after this warning was released to the public, the unthinkable happened. The Mirai botnet attack targeted Dyn, one of the largest DNS infrastructure companies on earth. Bringing down our favorite websites from Twitter to Netflix, this attack amounted to the largest DDoS attack ever. The Mirai malware was able to infect computers and IoT devices using default passwords; passwords that many users never reset.

A network is only as strong as its weakest link, and those are often IoT devices. Designed with convenience in mind, and usually, at the expense of security, it’s common for owners of IoT devices to simply set it and forget it. “Features” like Universal Plug and Play Protocol, or UPnP, and default factory passwords heavily contribute to device vulnerability. Though they make set up of devices a snap, it may lead to complications down the line. While it’s perfectly fine and often necessary to take advantage of these undoubtedly useful setup protocols, they should not remain active for very long.

• Once set-up is complete, disable UPnP connectivity on routers
• Keep security patches up to date and never purchase a device that can’t be updated
• set your own passwords as quickly as possible, and whatever you do, don’t reuse them among devices
• know your network and the people connected to it; a single breached device invited a world of problems

IoT tech is moving fast, and many users are wondering how security is keeping up. The hard truth is that it’s not keeping up. The issues lie in the lack of industry-wide standards for design, manufactures, and security measures. Over 50 separate standards are in development with independently determined requirements, specs, and guidelines. Take a look at this infographic for more on the current state of IoT security, how users can step up to ensure the integrity of their devices, and what to expect for the future of IoT and cyber security breakthroughs.