Things you least expect now connect to the internet, like lighting, fridges and cars. And this Internet of Things (IoT) is doing great work improving energy efficiency and maintenance. But in hacker:HUNTER Behind the Screens Episode 3, Chris Kubecka, CEO of Hypatec and distinguished chair of the Middle East Institute, shows how IoT security is behind the curve.
IoT is extra vulnerable
“These devices are becoming common in homes and industry,” says Kubecka. “But most are not properly security tested, and many use outdated operating systems. It’s easy for attackers to exploit those and bring down entire businesses.”
Noushin Shabab, Senior Security Researcher at Kaspersky, says, “The industrial Internet of Things could be worth a trillion US dollars by 2025. Companies like Airbus use IoT for predictive maintenance sensors in aircraft. It’s high risk – devices not regularly connected can’t receive updates, so are more easily hacked.”
Hacked ‘things’ can kill
Kubecka describes how in 2014, the German government reported a fatal hack into the network of a steel mill. Attackers flooded the network, and safety systems couldn’t operate. Three people were killed and many injured.
Other attacks are more domestic, like one Kubecka investigated in Saudi Arabia. “A company bought a bunch of new smart fridges from a supplier that didn’t security-test. A criminal gang managed to exploit these fridges and use them for spam and manipulating the stock market.”
It can be hard to investigate IoT-based cybercrime. “Many IoT devices don’t log activity, so police forensics can’t find much. Or they’re expecting to find a computer and don’t realize the computer is a fridge.”
Kubecka says businesses shut down by IoT attacks often didn’t think they’d be a target. But cybercriminals can use anyone’s data and systems for fraud and other money-making schemes, like mining bitcoin.
How to secure smart devices
“Makers and sellers of IoT devices must do their part to secure them,” says Kaspersky’s Shabab. She recommends they audit code, test for vulnerabilities and let users update and patch devices themselves rather than updating remotely.
Kubecka says manufacturers should be open about attacks they’ve suffered, sharing how it happened so others can learn.
Using security expertise helped smart prosthetic limb makers Motorica, who asked Kaspersky to review their device security. Kaspersky’s researchers identified several vulnerabilities, letting Motorica protect their customers by closing security holes.
While IoT makers are getting more security conscious, we already have homes full of smart devices that may not be secure. You can do a few things to protect IoT devices at home, like limiting what’s connecting to the internet and having strong passwords.