When most people think about the Internet, they think of connecting on laptops and smartphones, but this is no longer the case. With the ever-expanding Internet of Things (IOT), Wi-Fi connections can now be found on devices as varied as televisions, baby monitors and light bulbs. Unfortunately for consumers, the rapid growth of the IoT is being matched by an equally fast rise in security concerns.
The IoT was a major topic of conversation at this year's Black Hat security conference as a host of new vulnerabilities are being found in Internet-connected devices. A study released by HP earlier this month found that 70 percent of devices in the IoT reviewed by the company presented security threats, CBS News reports.
"Privacy and physical security is a big concern," Black Hat speaker Jesus Molina told CBS News in an email. "The risk in case of a successful penetration heavily depends on the type of devices attached to the home automation network, from mild if lights only are attached, to severe if cameras and key locks are part of it."
As VentureBeat contributor Michael Coates explained, all code will have vulnerabilities from time to time, but manufacturers can minimize this by implementing a solid security lifecycle in products at all phases of production. Considering defense through design and development will dramatically reduce the amount of risks present in a device, but many IoT products don't go through such rigorous security testing and there isn't much incentive for manufacturers to start.
Because many companies creating IoT-connected devices don't consider cybersecurity or Internet capabilities core competencies, security is lacking in many products. But most consumers don't worry about what an Internet-connected thermostat could mean for their security posture, so they aren't concerned with patching vulnerabilities. If the people buying the devices don't ask for patched, manufacturers won't provide them, allowing exploitable issues to persist.
"If an attacker physically tampered with a device to extract the firmware software, then security problems could potentially be discovered leaving other devices open to attack," security researcher Silvio Cesare told CBS News. "This shows that physical attacks are not necessarily the only technique that is used in a successful attack of a device, but is a useful tool for compromising physical devices."
One of the current challenges for the IoT is the lack of an effective channel for delivering security patches, meaning even if one were to be created, there would be no reliable way to make it readily available to users.
According to Coates, ineffective or nonexistent plans to deploy security updates will be the largest obstacle facing IoT security. The lack of sufficient security procedures will begin to pose a threat to users' information as cybercriminals will be able to steal increasing amounts of personal data, making it incredibly easy to craft convincing social engineering attacks. This will pose a growing threat to enterprises, since as employees become more susceptible to cyberattacks, so will the companies they work for.
Organizations looking to stay ahead of the threats posed by the Internet of Things can implement a variety of cybersecurity techniques to protect sensitive enterprise information. One method that is especially helpful when defending privileged networks is strong authentication.
Tools like two-factor authentication protect systems and data by requiring multiple forms of identification before providing users with access, putting an extra layer of defense between enterprise networks and cybercriminals. As the IoT continues to grow, businesses cannot ignore the technology, but they can take steps to protect themselves against the vulnerabilities inherent in it.