Internet of Things (IoT) Security Risks

Internet of Things and Internet of Things Security

The Internet of Things, also known as IoT, is a collection of devices and peripherals that can connect to the internet or internal networks. These devices come in many shapes and sizes. You probably have a few on your home or work network right now: your network printer or even your home WiFi router can be considered IoT devices, as they are non-traditional computing devices that connect to the internal network or public internet to provide additional functionality. IoT devices are becoming more commonplace; think of how many people you know who have a Google Home or Amazon Alexa.

These are common IoT devices that many people are all too happy to have (including me). Having even a few IoT devices on your network can create security issues if they are not set up or configured properly. Additionally, many of these devices are pushed to market so fast that they never go through any security evaluation before they hit store shelves and end up in customers' homes or places of business. For example, an internet-connected teddy bear was sold to kids without the manufacturer properly evaluating it for security issues. The toy ended up leaking information about the children on the internet, and hackers were able to connect to these toy bears and send audio messages to the children.

This is just one extreme example of IoT gone bad. Other examples include office video surveillance equipment with a backdoor username and password that the manufacturer never removed, which leaves companies at risk of break-ins by bad guys who can counter-surveil the company and then wipe the tapes after they have finished breaking in. In other cases, companies have set up security cameras for their office and connected them to the internet so they can remotely check that the office is secure, but never changed the default username and password. This allows bad guys to connect and take over the devices as well. The premise of this attack is what led to the creation of the Mirai botnet, a collection of IoT devices taken over by a malicious group because users connected their devices to the internet with the default usernames and passwords.

 

How We Use IoT Securely

IoT devices can be great and can really improve the lives and productivity of their users. I know because I use IoT devices almost every day. But it is good to make sure that your IoT devices are secure and configured properly before you start using them. This includes regularly updating each device's firmware to keep it up to date and less vulnerable, and changing the default username and password to secure, hard-to-guess credentials. If the device needs to connect to the public internet, making sure that it is set up behind a firewall or security appliance can help ensure proper network communication and segmentation.
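The three checks above (firmware, default credentials, firewall placement) can be run over a device inventory. The following is an added example, not code from the original article; the `Device` fields and the sample inventory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Device:
    # Hypothetical inventory record; field names are assumptions for this example.
    name: str
    firmware: str               # version installed on the device
    latest_firmware: str        # newest version published by the vendor
    default_credentials: bool   # True if the factory username/password is still set
    internet_exposed: bool      # reachable from the public internet
    behind_firewall: bool       # traffic passes a firewall or security appliance

def parse_version(v: str) -> tuple:
    """Turn '1.10.2' or 'v1.10.2' into (1, 10, 2) so 1.10 sorts after 1.9."""
    return tuple(int(part) for part in v.strip().lstrip("vV").split("."))

def audit(device: Device) -> list:
    """Return the list of findings for one device, in a fixed order."""
    findings = []
    if device.default_credentials:
        findings.append("default-credentials")
    # Compare numerically: as plain strings, '1.9.3' would sort after '1.10.0'.
    if parse_version(device.firmware) < parse_version(device.latest_firmware):
        findings.append("outdated-firmware")
    if device.internet_exposed and not device.behind_firewall:
        findings.append("exposed-without-firewall")
    return findings

def audit_inventory(devices) -> dict:
    """Return {device name: findings} for devices with at least one finding."""
    report = {d.name: audit(d) for d in devices}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory (not real devices).
INVENTORY = [
    Device("lobby-camera", "1.9.3", "1.10.0", True, True, False),
    Device("office-printer", "v2.4.1", "2.4.1", False, False, True),
    Device("smart-speaker", "3.0.0", "3.0.2", False, True, True),
]

if __name__ == "__main__":
    for name, found in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(found)}")
```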

The Open Web Application Security Project (OWASP) has also created a top 10 list of IoT device weaknesses and how to secure against them. It is a good idea to make sure that your IoT device follows these top 10 suggestions.

If you want to see a demonstration of some attacks against IoT devices, you can watch the IoT hacking demo done by members of RedTeam Security as part of the Sioux Falls 2020 Cybersecurity Conference.

Schedule Your Free Virtual Meeting With a RedTeam Security 

Ready to see how well your network security strategy performs? Learn why RedTeam Security is the penetration testing service leader in the industry and will help you secure your IoT devices. Schedule your free virtual meeting with a RedTeam cyber security expert today at 612-234-7848.
