IoT fails: Should everything be connected to the internet?
Internet of things (IoT) devices are becoming more commonplace — but not all IoT endeavors result in success.
The Internet of Things (IoT) has been the buzz phrase in the tech world for a long time now.
However, despite the fact that Gartner says there will be more than 20 billion IoT devices in the world in 2020, the burgeoning industry has so far been mostly plagued by negative headlines detailing poor security and IoT disasters. Added to this has been the use of IoT devices to create huge botnets like Mirai, which caused havoc late last year.
While there naturally have been successful IoT devices, there have also been some IoT disasters.
Internet of toys
Some of the IoT fails that have generated the most headlines have been those concerning products aimed at kids.
Earlier this year, parents in Germany were told to destroy the My Friend Cayla smart doll, which was able to “listen” and respond to children’s questions by connecting to the internet. Authorities in Germany deemed that the doll amounted to a “banned surveillance device”. A hack that would allow strangers to speak directly to children through the doll was also shown to be possible.
In 2015, toy giant Mattel’s launch of an internet-connected Barbie attracted some negative headlines after researchers discovered a number of security flaws in the doll. Researchers found that recordings of children’s conversations with Barbie, which were sent to a cloud server, could potentially be intercepted by hackers.
Good old-fashioned non-internet connected dolls might be the best way to go.
Insulting baby monitors
Toys were not the only internet-connected devices worrying parents recently, with concerns also raised about the security of internet-connected baby monitors, with fears raised that they could be hacked and used to spy on children.
In one famous case that occurred some years ago, parents went into their toddler’s room to find the baby monitor (or, more accurately, the person who had hacked the baby monitor) shouting insults at the toddler and demanding they wake up.
Like many IoT devices, some baby monitors have hardcoded credentials (a username and password that can’t be changed), which could make them more susceptible to hackers.
Pets get smart too
The makers of IoT devices are targeting not only humans now, but their pets as well. Petnet, an internet-connected automated feeder for pets, is still active in the IoT pet market, but in 2016 it encountered a blip that showed the risks of depending on the internet for something as necessary as providing your pet with food.
A system failure led to the Petnet system going down for 10 hours, no doubt much to the anxiety of pet owners. The problem was resolved, but it does demonstrate the risk of using IoT devices in such circumstances.
Love connection
Possibly falling under the heading of “did you really need to connect that to the internet in the first place?” would be the smart vibrator from We-Connect.
The We-Vibe 4 Plus is Bluetooth enabled and can connect with a smartphone app to be controlled remotely. However, at DEF CON last year, two hackers from New Zealand showed that it was possible to remotely seize control of the vibrator and activate it at will.
The sex toy was also found to be sending data back to its parent company, including information such as the temperature of the vibrator and every time the vibration intensity changed. Such information would make it easy to determine when and how often the vibrator was being used.
Real dangers
While there may be sniggers down the back at the prospect of a vibrator being hacked, or eyes rolled about whether or not internet-connected Barbies are something we really need, the consequences of hackers gaining unauthorized access to IoT devices could be really serious.
Apart from the obvious privacy concerns, in the future, security weaknesses in things like autonomous cars could lead to serious or even fatal consequences. Potential security vulnerabilities in the increasingly connected cars of today are already causing concerns, with researchers some years ago demonstrating their ability to hack a jeep, and stop it on the highway, while they were sitting at laptops 10 miles away.
Meanwhile, as previously mentioned, the Mirai botnet, which was made up of a litany of poorly secured IoT devices, caused havoc all over the world last year, underlining the need for security to be improved on IoT devices.
As well as this, a hacker who compromises an unsecure IoT device on your home network may then use this access to attack other devices on the network, such as your laptop.
So, while it may be okay to laugh at some IoT epic fails, the release of unsecure internet-connected devices onto the market should be a concern for everybody.
Keep your IoT devices safe
If you do own IoT devices, follow these tips to help protect them from hackers:
· Research the capabilities and security features of an IoT device before purchase
· Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks. Don’t use common or easily guessable passwords such as “123456” or “password”
· Use a strong encryption method when setting up Wi-Fi network access (WPA2)
· Many devices come with a variety of services enabled by default. Disable features and services that are not required
· Modify the default privacy and security settings of IoT devices according to your requirements and security policy
· Disable or protect remote access to IoT devices when not needed
· Regularly check the manufacturer’s website for firmware updates
Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.
Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.
