ISJ Exclusive: Staying safe in the Internet of Things

According to data published by the Internet Crime Complaint Center (IC3), personal data breaches in the US increased by 60% between 2017 and 2018, affecting over 50,000 citizens last year. Data breaches are one of the fastest-growing internet crimes, rising by 157% since 2015, showing that as technology continues to advance, keeping safe when interacting with the internet is becoming more and more difficult.

The rapid rise in adoption of Internet of Things (IoT) devices poses particular threats to user security. Computers experience a hacking attempt on average once every 39 seconds and with more devices online comes more attempts to break in. Although IoT is a new branch of technology, users need to get to grips with safety practices and prioritise these in the workplace and at home to tackle the growing threat of insecure data.

What is the Internet of Things?

The Internet of Things describes the network of devices which connect with each other and the internet. Examples include Fitbits connected to smartphones, ‘smart’ thermostats and wearable devices. IoT relates to devices connected to private networks which can also interact with devices on other networks, such as accessing work networks from your laptop or phone when out of the office.

There were an estimated 23 billion IoT devices installed last year – 3 billion more than 2017 – and this number is expected to grow to 75 billion by 2025. Basically everything connected to the internet can be hacked, so whether it’s a home thermostat which can be controlled with a phone or even a smart washing machine, unsafe connections can be easily exploited by hackers at any time.

Business threats

With 52% of businesses unaware of how to identify IoT breaches, the risk posed by insecure connections could potentially be catastrophic, especially as the number of connected devices continues to rise. IoT is a specialised area of cybersecurity, meaning that expertise in this emerging field is still lacking. This has led many organisations to neglect its dangers due to the lack of necessary skills. As IoT continues to grow across all manner of industries, cybersecurity specialists will need to ensure that their understanding of the technology is up to scratch.

At a basic level, some of the most common issues with IoT devices that companies must tackle include:

• Not changing default passwords
• Lack of updates to software
• Unencrypted communication, i.e. emails
• Ransomware access through exploited weaknesses

By ensuring that basic security measures are implemented and that staff are made aware of the necessity of things like changing default passwords on their devices, the risk of access by hackers can be quickly reduced company-wide.

Dangers at home

This includes Wifi networks which then give hackers access to every other device on the network.

At home, our appliances are connecting in unexpected ways each day, from smart toasters to connected coffee machines. While it may seem harmless for hackers to gain access to your toaster, some smart devices store your Wifi password insecurely, meaning access to one device allows access to all. From here, hackers could monitor your online activities and even steal your personal data.

For every device from light bulbs to security systems, the first priority for safety is to change the default password. Five default username/password combinations give access to 10% of all IoT devices.

The five most hackable username/password combos:

• Admin/admin
• Admin/0000
• User/user
• Root/12345
• Support/support

Home assistants

As recent stories revealed that Google home assistant recordings are listened to by human staff, concerns over consumer privacy when using these devices are growing. Already, 20% of adults in the US own a smart speaker and while many believe the handy devices are simply there to make their lives easier, these devices are constantly recording, meaning personal conversations within earshot can be recorded and used by the company.

After previous concerns were aired, Amazon have implemented a feature on their Alexa devices that allows users to control how long their recordings are stored on the device, including a command to remove all recordings from the day. While reports of questionable data protection practices continue to emerge, it seems that data privacy isn’t at the forefront of consumers’ minds when interacting with home assistants but understanding how companies intend to use the data they absorb is vital to keeping consumer data as private as possible.

Data breach predictions

20,000 more people suffered from a personal data breach last year than in 2017, making it the second most increased cyber crime in the US. For data handlers to reduce this threat, more robust and exhaustive security practices need to be implemented, with specific focus given to new technologies such as IoT. Additionally, consumers need to ensure they maintain strong privacy awareness and monitor the safety of every device in their network.

IoT adoption has resulted in an unprecedented growth in our personal networks and a wealth of possibilities for opportunistic hackers which must be tackled in order to protect the vast amounts of sensitive data on the internet.

This article was written by Damon Culbert from Cyber Security Professionals, specialised cybersecurity jobsite worldwide.