The Internet of Things (IoT) has brought about large advancements in convenience for both personal and professional life. By enabling remote management and monitoring, IoT devices help improve quality of life in countless ways. As a result, the IoT market is booming, with the market expected to reach $520 billion by 2021. Unfortunately, IoT’s second most famous aspect is poor security. As IoT grows, so does the number of high-profile hacks targeting or using IoT devices. The value of these devices and the costs of the hacks that they cause makes IoT security an important priority.
The IoT Security Paradox
IoT devices are widely deployed and blindly trusted. Businesses regularly deploy Industrial IoT devices to remotely monitor and manage critical systems. Internet-facing security cameras are frequently utilized to monitor business entryways or point-of-sale areas. IoT devices often have access to extremely sensitive personal or business data, but their security is abysmal.
In the healthcare sector alone, there have been several cases in which Internet-connected medical equipment has been hacked. This is even more concerning considering this sector is governed by strict data privacy laws – the HIPAA regulation.
How The IoT Gets Hacked
As the name suggests, the Internet of Things refers to devices that are connected to the Internet, and this very connection is what makes IoT devices so vulnerable to compromises. Hacks on IoT devices typically are not complicated, they usually take advantage of security misconfigurations or gaping holes, rather than relying on clever exploits or zero-day vulnerabilities. The Mirai botnet, probably the most famous IoT attack, involved hundreds of thousands of hacked IoT devices. In this attack, the Mirai hacker gained control of these devices through the use of default passwords. The Mirai malware scanned for any device that had an open Telnet port and then attempted to authenticate to the IoT device using a list of 61 weak username/password combinations. Since the IoT manufacturers used weak passwords and the end users did not change the default passwords, this brute-force attack was successful. Unfortunately, this story isn’t unique. Following Mirai, there have been many other attacks on IoT devices. The poor security of IoT devices and their “always on” connection to the Internet make them easy targets for hackers.
Protecting IoT Devices
IoT devices differ from traditional computing devices (laptops, mobile devices, etc.) in two primary ways: the level of built-in security and how much security maintenance is received. Most computer manufacturers ensure that their devices have a baseline level of security, but this is not generally the case with IoT manufacturers. After-purchase security varies greatly too. For example, most people understand the importance of keeping software and antivirus up to date on their computer but don’t give a second thought to updating the security of personal IoT devices. In addition, the ability to patch security vulnerabilities relies on the patch actually being available.
When internal security isn’t an option, it’s important to take the necessary steps to secure IoT devices externally. Most IoT devices are designed to be remotely deployed and managed from a central office via the Internet. This design isn’t new – for example, most telecommuting employees connect remotely to their organization’s network to do business. However, telecommuting workers have access to VPNs and firewalls – security tools not generally available with IoT devices.
Most firewall and VPN technology is implemented as software installed on the device in question, and this often isn’t feasible for IoT devices. Attila’s GoSilent is a physical VPN and firewall device the size of a Tic Tac container. It is designed to provide comprehensive protection in an easy-to-use package. GoSilent deploys easily with plug-and-play functionality. Using GoSilent, an organization can immediately secure any IoT device’s Internet connection with an IPSec tunnel connected to a VPN server located within the organization’s network. This provides the IoT device with the same protections it would have if located on the organization’s enterprise network and renders it completely unreachable from the Internet. Learn more about Attila’s IP security products.