So you’ve just unpacked your latest IoT device, a wireless baby monitor. You were skeptical about this new wave of tech, but you can justify this one since what’s the worst that will happen? Some hackers get to see your baby sleeping in an unidentifiable room? So you give it the wi-fi password, download the app, and sure enough, there’s your child sleeping peacefully. The problem is, while your IoT Security might be safe, there’s a lot of problems a vulnerable device can cause.
Despite the numerous startups supporting the idea of smart homes, most consumers aren’t ready for the concept. In fact, based on recent survey data, it would be fair to say that the majority of potential users aren’t quite willing to pay the amounts needed to make an actual Internet of Things living space. It’s an odd stumbling block considering that, from an expert standpoint, the biggest issue with Smart Home technology isn’t the cost, it’s your overall IoT security.
It’s no great surprise that security on a wireless home network is an issue. If a user has so many devices open to a wi-fi signal only one of them needs to be vulnerable for the whole system to be compromised. And, sure enough, there is a variety of malware already out there attempting to access these devices.
The most recent insurgent is a little devil called Persirai that targets IP cameras on a user’s network. This malware allows the hacker to carry out DDoS attacks on a user’s network by overwhelming it with data from multiple sources. According to cyber security research staff at Trend Micro, that this particular malware is targeting “over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products.”
The problem is the vast majority of users are not aware that their cameras or any of their smart home devices are vulnerable in the first place. In the case of cameras, a quick by Trend Micro search using the IoT search engine Shodan reveals over 120,000 cameras worldwide that are currently vulnerable to Persirai as well as similar malware.
The problem is most of the IoT devices, right out of the box, don’t always contain the best IoT security. This issue was revealed last year with Mirai, which caused the largest internet blackout in US history. It did so by using internet connected devices such as surveillance cameras and other smart home devices and turned them against Dyn, the domain name system provider for hundreds of major websites including Spotify, Twitter, Wired, and Vox. Then, only a month later, a new permutation of Mirai took out nearly a million users in Europe, after finding an exploit in Zyxel (and similar) Internet routers that had an open port for maintenance by IPs.
At this time the only option for most end users to ensure their network is safe and not part of a massive DDoS Botnet is either doing extensive research on the products they purchase to find out how safe they are or to forgo joining the world of IoT altogether. As it is, it seems the biggest concern isn’t the theft of our data but rather how someone uses our devices against someone else.
- Save Money While Going Green With Arcadia Power - July 25, 2019
- 3 Compelling Reasons Why Your Tech Startup Needs A .TECH Domain - June 21, 2019
- Maximize Team Productivity With Project Management Tool monday.com - August 22, 2018
Daniel Blanco says
Exactly. This is why you cannot connect anything that you are not controlling 100% of the time. Too many people out there know how to attack on connected devices and that leaves you with a big security risk in the home.
Ramon Claypoole says
Very good points. Regular consumers that wish to control everything from their smartphone have little idea what that could do to their network in the long run. I am not sure what attackers want with IP cameras that look at my garage, but you just never know.
Erin Miller says
A smart home is a great concept, but as you mention here, the typical consumer is just not ready for it. The process for the attacker to make a difference in your home is way too easy.
Kathryn Billingsley says
We have seen this a million times. Companies that are breached feel like it just happened that day, when you know the hackers have been trying to get into your network for months. Planting malware and other malicious code that can do the damage before you even know what happens.