Everything is connected in 2016, it seems. What many people do not know is that this connectivity of everything through the internet is called IoT, or the Internet of Things. Any device connected to the internet is considered an IoT device. There are the connected things you’d expect like smartphones, tablets, laptops, and even gaming consoles, but there are somewhat less conventional devices as well. These are the things that a few years ago, we’d never have imagined would be connected to the internet—like cars, drones, solar panels, toys, and more—anything made with built-in Wi-Fi capabilities and sensors is a part of the IoT.
While it is amazing that so many things are now connected via IoT, this also means that all of these devices are vulnerable to hackers. For example, vehicles have become a big target by cyber-criminals recently because many newly released cars have on-board Wi-Fi.
Last year, Charlie Miller and Chris Valasek were able to remotely hack into a Jeep Cherokee’s entertainment system which allowed them access to dashboard functions, steering, brakes, and transmission—all while it was going 70 mph. Hackers were even able to hijack a big rig’s accelerator and brakes just last month!
In addition to on-board Wi-Fi, automotive leaders and innovators like Tesla have implemented an autopilot feature on their newest Tesla S model. While this is an amazing feat that gives us some insight into the future of transportation, in May of this year, a Tesla S in autopilot mode failed to detect, and consequently ended up cutting off, a tractor-trailer, running it off of the road and killing the driver. Though this was of course accidental, researchers at universities in South Carolina and China have found that they could trick the car’s autopilot sensors into thinking objects were present when they weren’t or made them fail to sense real objects that were there. Were they malevolent, they could have caused accidents that could have killed several people. This is why IoT security is so important.
At this week’s BlackHat conference in Las Vegas, experts plan to discuss the growing security threats to IoT. Security researcher, Frederic Bret-Mounet, scheduled to speak on Friday, has been able to hack into his own solar panels.
Had he been malicious, Bret-Mounet realized that he could have overheated the panels to the point of being knocked offline—or worse, installed spyware which could have watched and listened to all that he and his family did in the privacy of his own home. This is something many people would not expect needed protection because they are unaware of the cloud connectivity of these devices.
As scary as it might be to think of your car, big rig, solar panels, or toys being hacked, it is even more terrifying to think of what malicious people might do to connected medical equipment. A Kaspersky lab researcher found that he was able to hack into a hospital’s Wi-Fi and utilize that connection to get into an MRI machine. “It was scary because it was really easy,” he explained. He goes on to say how a hacker could have changed a person in the hospital’s system to be categorized as ‘well’ when they are in fact still very ill, or vice versa. The fact that human being would do this is reprehensible, but that fact remains that the IoT of the medical devices on poorly-secured networks is leaving people not only vulnerable to cyber-attack, but could have fatal, life-changing consequences as well.
Protecting your IoT devices
While IoT security threats can be intimidating as they threaten every Wi-Fi enabled aspect of our lives, there are still a few things we can do in our own lives to help better protect against such attacks:
- Do your research before purchasing IoT products—Many people just buy what looks nicest or is most affordable when it comes to buying a new item with a variety of different options to choose from; however, when it comes to buying an IoT product, looking into the security or lack thereof in a product could be the difference in having peace of mind or worrying about your family’s household security.
Video baby monitors are a big concern in this area. These sorts of monitors are gaining popularity because they allow parents to watch their babies from almost anywhere to make sure they’re getting a good night’s sleep. But if this monitor were to be insecure, hackers—or worse, predators—could potentially watch or even talk to your baby. This is why it is so important to make sure that the IoT devices you are buying are secure.
- Do not use the default settings—Though this might take some more time than some like to put into their new product purchase, changing from the basic, factory-installed default settings makes it harder for hackers to get into your IoT products. Simple steps like these could mean the difference between being secure or being hacked.
- Use secure Wi-Fi connections—Free, public Wi-Fi, though convenient, is rarely properly-secured. Using your IoT devices on this kind of network could result in higher likelihood of cyber-attack.
- Turn off your devices when not in use—Devices that are allowed to run all the time, even while no one is using them, not only drains their battery lives, but can result in an insecure connection for hackers to be able to attack. This is one of the easiest steps a person can take, and yet it is one that is often overlooked. If your device works without an internet connection as well, simply disconnecting it from the internet when those features are not needed can do the same thing for your IoT security.
- Password protect anything and everything you can—Though passwords are not the only line of defense which should be taken in securing your IoT devices, adding in this extra security step makes hacking into your devices that much more difficult.
The Internet of Things has connected so many new and unique devices, but it has also exposed them to a myriad of new attacks. Staying informed on the latest IoT news and what hackers are coming up with are some of your greatest defenses in cybersecurity. To find out more about how to protect the things you hold near and dear, contact us at https://axiomcyber.com/ or (800) 519-5070.
Hailey Carlson | Axiom Cyber Solutions | 8/5/2016