The world gets more and more connected, people buy and bring more smart devices into the home. These devices provide the consumer with many benefits and enhance consumer’s life in a convenient way. However there is a dark-side, the security of the internet as a whole does not improve. With the internet of things, we introduce the vulnerabilities of the digital world into our own lives.
In October 2016, because of a DDoS attack, many large websites were inaccessible at the east coast of the United States. It wasn’t the first time that such an attack paralyzed websites, however the source of the attack was new: thousands of hacked ‘things’ from the internet of things, such as routers, smart security cameras and hard-disk recorders. Thus, things that normally should provide protection are now being a possible threat for your privacy.
The internet of things includes all kinds of devices that are able to make a connection with the internet. These are more than smart appliances such as, thermostats, fridges and lamps. For example smart toys do exist, such as a smart Barbie, that are able to make connections with the internet. And precisely these devices are prone to malicious parties.
According to manager Robert den Drijver of security company Symantec, the reason that cyber criminals increasing the search for unsecured IoT devices, is because they are easier to hack than smartphones and personal computers. Most of the time these are devices with minimal protection, but are offering a particular type of bandwidth. This bandwidth is necessary to send large amount of data traffic with a DDoS attack.
Designing smart devices often lack the priority of security. You could ask yourself what a hacker could do with your smart lamp, how can they benefit from it? These devices do not hold any valuable information. So you think. According to safety experts, it is possible to use insecure smart devices to send a flow of internet traffic to a random server. Possibly, criminals can use these attacks to infiltrate deeper into the network and still capture any valuable information.
Another threat is that ransomware makes it entrance into the internet of things. Ransomware is a malicious software that hostage a device and asks for a payment. Currently this does not have yet occurred, however it is reasonable to think that criminals will use this method to trick out money from the consumer. Therefore it is important that the security of smart devices will be improved or that insecure smart devices will be banned from the market if it does not live up to certain security standards. Because if your Tesla got infiltrated by ransomware while you are driving. “Transfer now 100 dollars, otherwise we won’t unblock your brakes.”
Measures to defend
At first, it is important to change standard passwords of routers and other smart devices. Is it possible that a device can be reached at a distance, but you do not use that functionality? Disable it. An even better recommendation is to make use of a special Wifi-network for guests, in which you can connect all smart devices. According to Robert den Drijver, such a network can be shut down from the main network, which holds many sensitive data. However, there are not many ways for consumers to protect themselves. These steps can be taken and you can be careful with buying smart devices and toys. The consumer is not responsible to a lot of these insecurities. Many smart devices, in particular cheap devices developed by smaller companies, are abandoned once they are sold in stores.
Therefore it is necessary that governments takes action and set international industry standards for the security of smart devices. Minimal security standards, which should be included in the development before market entrance. Just like there are particular standards in the car industry (ABS or belts), there should be standards where it is for example possible to change the password or set reliability labels for IoT devices.
For such a regulation an international approach is necessary. It won’t be useful if just one country has more strict rules about the security, while other countries are still vulnerable to hackers. There are no borders for cyber criminals.
Greenberg, A. and Zetter, K. (2015) How the Internet of Things got hacked, available online from: https://www.wired.com/2015/12/2015-the-year-the-internet-of-things-got-hacked/ [7 December 2016].
Kraan, J. (2016) Die slimme deurbel is gevaarlijker dan je denkt, available online from: http://www.nu.nl/weekend/4342541/slimme-deurbel-gevaarlijker-dan-denkt.html [7 December 2016].