The Internet of Things, also known as IoT, represents a collection of devices and peripherals that can connect to the internet or internal networks. These devices come in many shapes and sizes. You probably have a few on your home or work network right now, your network printer or even your home WiFi router can be considered IoT devices as they are non-traditional computing devices that connect to the internal network or public internet to give additional functionality. IoT devices are becoming more commonplace, think of how many people you know who have a Google Home or Amazon Alexa.
These are common IoT devices that many people are all too happy to have (including me). Having even a few IoT devices on your network can create security issues if they are not set up or configured properly. Additionally, many of these devices are pushed to market so fast that they never go through any security evaluation before they hit store shelves and are in customers' homes or places of business. For example, there was a teddy bear that was sold to kids that could connect to the internet, this toy was not properly evaluated by the manufacturer for security issues and ended up leaking information about the children on the internet and hackers were able to connect to these toy bears and send audio messages to the children.
This is just one extreme example of IoT that has gone bad. There are other examples such as office video surveillance equipment that has a backdoor username and password that was never removed by the manufacturer which leaves companies at risk for break-ins by bad guys who can counter-surveil the company and then wipe the tapes after they have finished breaking in. Or in other cases, companies have set up security cameras for their office, connected them to the internet so they can remotely check that the office is secure, but then never change the default username and password. This allows bad guys to also connect and take over the devices. The premise of this attack is what led to the creation of the Mirai botnet, which is a collection of IoT devices taken over by a malicious group due to users connecting their devices to the internet with the default username and passwords.
IoT devices can be great and can really improve the lives and productivity of their users, I know because I use IoT devices almost every day. But it is good to make sure that your IoT devices are secure and configured properly before you start using them. This includes regularly updating the device's firmware to keep them up to date and less vulnerable and changing the default username and password to secure, hard to guess passwords. If the device needs to connect to the public internet, making sure that it is set up behind a firewall or security appliance can help ensure proper network communication and segmentation.
The Open Web Application Security Project (OWASP) has also created a top 10 list for IoT device weaknesses and how to secure against these weaknesses. It is a good idea to make sure that your IoT device follows these top 10 suggestions
If you want to see a demonstration of some attacks against IoT devices you can watch the IoT hacking demo done by members of RedTeam Security as part of the Sioux Falls 2020 Cybersecurity Conference.
Ready to see how well your network security strategy performs? Learn why RedTeam Security is the penetration testing service leader in the industry and will help you secure your IoT devices. Schedule your free virtual meeting with a RedTeam cyber security expert today at 612-234-7848.