Why hardware configurations could be the downfall of the IoT

Credit to Author: Trend Micro| Date: Thu, 23 Mar 2017 16:16:22 +0000

Hardware configuration could leave your IoT devices vulnerable to attacks.

The Internet of Things is opening up new opportunities for businesses as well as introducing a new era of convenience for consumers. And it's happening sooner rather than later: More than 24 billion IoT devices will connect to each other and the internet by 2020, according to Business Insider, and that's a conservative estimate. The Motley Fool noted that other tech giants are predicting anywhere from 50 billion to 200 billion IoT devices within the next three years.

One thing is clear: The IoT is going to be big, and require a lot of management. After all, handling devices the wrong way could leave security gaps in your network. Hardware configurations could be the downfall of IoT, and it's important for you to enable your systems appropriately.

Systems at risk

Most devices, including routers and printers, come with preset, easy passwords and inactivated security capabilities. A number of organizations may simply install this hardware without changing the standard authorizations, leaving significant holes that attackers can exploit. This type of situation is only magnified by the number of active IoT devices. After all, who wants to configure every sensor or create a firewall for their coffee maker? However, you must do exactly that to enable IoT without compromising security.

Unconfigured internet-connected devices can introduce network vulnerabilities. ALT TEXTUnsecured internet-connected devices can introduce network vulnerabilities.

IoT technology is still developing, and you must ask critical questions to understand how these devices handle your sensitive information. The Global Privacy Enforcement Network Privacy Sweep found that it wasn't clear how IoT devices collected, used and disclosed information. Many companies also neglect to explain how user data would be secured or how to delete personal information. With so many entry points to your network, your system could be at risk if you don't have definitive answers concerning their requirements and capabilities.

"If you think your IoT devices aren't at risk, you're wrong."

Sitting targets for malicious attacks

Unsecured IoT devices are gateways for hackers to stroll into your critical business systems and execute attacks on a larger scale. In fact, major internet services including Twitter, Spotify and Netflix were disrupted when an attacker leveraged IoT devices to deliver a series of massive DDoS attacks to Dyn. According to Fast Company, the hacker leveraged the digital traffic from internet-enabled hardware and sent the noise to the domain name service provider, disrupting its ability to translate addresses into IP networks. Hundreds of thousands of cameras, routers, DVRs and other household appliances were used to carry out this attack. Security experts had warned that such a situation could occur, serving as a reminder why hardware configurations are critical for business and user security.

If you think your IoT devices aren't at risk, you're wrong. Attackers can use tools like Shodan to easily search for exposed cyber assets. Trend Micro noted this system can show a hacker any connected device's IP address, application and firmware versions as well as other critical information to make it easier to compromise. This research also found web servers, webcams, wireless access points and routers were the most unsecured cyber assets in the top 10 most populous U.S. cities.

Protecting your IoT devices

Security capabilities across IoT devices will only continue to improve, but in the meantime, organizations must take steps to protect this hardware. The first step is to configure your equipment correctly to your business and set passwords that will be difficult for a hacker to guess. You should also leverage data breach systems to detect unusual behavior within your network as it occurs. This solution will help catch malicious access to your IoT devices, enabling you to act quickly to reinstate and improve security.

http://feeds.trendmicro.com/TrendMicroSimplySecurity