Smart devices are amazing, and they make our lives easier. Smart light bulbs for your home allow you to change the color and schedule lights to turn on and off based on your activities. Internet-connected cameras allow us to monitor our homes with phone apps. Unfortunately, even a device as simple as a light bulb connected to your WiFi can be a gateway for cybercriminals to launch an attack. It happens, and it can happen to you. Cybercriminals launch Internet of Things (IoT) attacks on both individuals and businesses by exploiting the weaknesses in smart devices.
You can prevent an Internet of Things attack by changing default passwords, using multi-factor authentication and updating your device software on a regular basis.
Read more below to learn how IoT attacks work and how to prevent them.
What Is an Internet of Things (IoT) Attack?
The Internet of Things (IoT) is a term used to describe the network of smart devices that include physical objects other than traditional computers, phones and tablets. For example, many homes now have smart TVs, smart light bulbs and other objects with some kind of internet connectivity. The connection allows users to control the devices from their phone or to give the devices special features such as being able to schedule smart light bulbs to turn on and off via an app. Smart TVs can stream content from the internet without plugging in an additional device.
IoT attacks use these devices as a gateway to access a network. Cybercriminals take advantage of the fact that users, including employees at organizations, don’t think to protect their devices the way they protect their computers. Unfortunately, our networks are only as strong as the weakest link. Cybercriminals can take advantage of even a single unprotected IoT device to gain access to a network and steal your data.
Risks of the Internet of Things
Internet of Things devices, just like your computers, need protection in order to avoid cyber attacks. Because they are connected to your home network, if an IoT device is hacked then the cybercriminal can access your network and install malicious software known as malware.
If a cybercriminal gets access to your network, it gives them an opportunity to steal your data. For individuals, this can include Personally Identifiable Information (PII). For organizations, cybercriminals may steal employee PII, along with other sensitive data. Stolen PII can be used for malicious purposes, including stealing money from your bank accounts or even identity theft. This type of attack can be very difficult to recover from.
Sometimes smart devices are hacked for even more disturbing purposes – such as monitoring people inside their homes.
Examples of IoT Attacks
IoT attacks can affect both individuals and organizations that use IoT devices. Here are some examples of frightening IoT attacks:
- Research has connected some identity theft-related cyber attacks to the Internet of Things.
- A cybercriminal hacked into an internet-connected baby monitor and spoke to the baby through the device. Similarly, baby cams have also been hacked – allowing cybercriminals to peer into the victim’s home.
- It was discovered that an IoT car could be hacked at a distance, resulting in the hacker being able to take control of the vehicle.
- Doorbell cameras, which allow homeowners to see who is outside of their door before opening it, have been hacked in order to swat the homeowner – a form of harassment that involves lying to the police in order to send a SWAT team to the victim’s home and put them in danger.
- Smart thermostats, which allow the user to change temperatures using an app, have been hacked by cybercriminals who then changed the user’s settings.
As you can see, any kind of IoT device can be exploited, resulting in serious consequences for the user.
How are DDoS attacks related to the Internet of Things?
DDoS stands for Distributed Denial of Service, an attack technique in which cybercriminals disrupt a network by flooding it with traffic from bots. The result is that real people have trouble using whatever network was flooded because the server is overloaded by requests from millions of bots instead of real users.
This kind of attack can disrupt businesses, causing a major loss in productivity, and therefore, revenue. It also can have serious consequences for users who may be unable to access necessary services.
Because of the vulnerability of IoT devices, cybercriminals can easily use them as part of what’s called a “botnet,” which enables the DDoS attack. The hacked IoT devices can be commanded to help flood networks alongside other hacked devices. The more unprotected IoT devices out there, the bigger the botnets.
How To Prevent Internet of Things Attacks
Here are some ways to prevent IoT attacks.
1. Practice good cyber hygiene
Cyber hygiene means using everyday best practices to keep safe on the internet. Practices like using unique, strong passwords for every account and device or not sharing unnecessary information online can help prevent a variety of attacks, including IoT attacks.
2. Secure your network
You should secure your WiFi network by changing the default password to a strong, unique password, changing the network name and turning on encryption for your WiFi traffic in your router’s admin settings. Many people use the default credentials for their WiFi network, which can be easy for cybercriminals to guess.
Strong passwords are hard to remember, so we recommend using a password manager – like Keeper Password Manager – to automatically generate and store passwords for you.
3. Use a guest network for IoT devices
While some IoT devices need to be on the same network as your computer and phone for full functionality, many IoT devices can be hosted on a guest network instead. This creates an additional barrier for cybercriminals who want to use IoT devices to gain access to your computers or other devices that contain sensitive data. If your critical data and your IoT devices are on different networks, it makes it much more difficult for one to become a doorway into the other.
4. Control account access to IoT devices
Some IoT devices have privacy settings that you can use to help control device access. This is important because the more people who have online access to the device, the more likely one of them will have their account compromised by a cybercriminal who can use that account to access your device for malicious purposes.
Businesses can use Privileged Access Management (PAM) to help control who has access to devices. PAM describes a type of software solution that businesses use to manage privileged accounts with access to sensitive information.
5. Physically secure IoT devices
Make sure IoT devices are physically secure. If someone can reach your physical device, that could help them hack into the device and ultimately the rest of your network and critical data. For example, if your business uses smart cameras to monitor your store, you should keep them out of reach of customers.
6. Disconnect devices when they are not needed
In order to reduce opportunities for cybercriminals to attack, you should disconnect IoT devices when they are not in use. Unplug the smart TV, turn off the baby monitor and otherwise disconnect your devices so they aren’t sitting ducks for cybercriminals.
7. Disable unused features
Similar to the above tip, turning off any features you don’t use in your settings will help reduce the attack surface of your IoT device.
8. Keep device software updated
Tech companies issue security patches as part of software updates, including for IoT devices. These patches are developed to fix security vulnerabilities that have been discovered either by the company or because of a cyber attack. It’s important to always update your software right away in order to prevent these vulnerabilities from being exploited.
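The tips above can be checked against a device inventory. The following is an added example, not part of the original article: the subnets, device names, feature names and firmware versions are all constructed assumptions, and the script flags devices that still use a default password, sit on the trusted network without needing to, have unused features enabled, or are behind on firmware.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed network layout (assumption, not from the article).
TRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")   # computers, phones
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")    # guest WiFi for IoT

@dataclass
class Device:
    name: str
    ip: str
    default_password: bool                      # factory credentials still set?
    installed_fw: tuple                         # e.g. (1, 4, 2)
    latest_fw: tuple                            # newest version the vendor offers
    enabled: set = field(default_factory=set)   # features switched on
    used: set = field(default_factory=set)      # features actually needed
    needs_trusted_net: bool = False             # must share a network with the PC

def audit(dev: Device) -> list:
    """Return the prevention tips this device currently violates."""
    findings = []
    addr = ipaddress.ip_address(dev.ip)
    if dev.default_password:
        findings.append("tip 1: default password still set")
    if addr in TRUSTED_NET and not dev.needs_trusted_net:
        findings.append("tip 3: on trusted network, move to guest network")
    elif addr not in TRUSTED_NET and addr not in GUEST_NET:
        findings.append("tip 3: address outside known networks")
    unused = sorted(dev.enabled - dev.used)
    if unused:
        findings.append("tip 7: disable unused features: " + ", ".join(unused))
    # Compare versions as tuples: as strings, "9.9.2" would sort after "9.10.0".
    if dev.installed_fw < dev.latest_fw:
        findings.append("tip 8: firmware update pending")
    return findings

# Constructed sample inventory.
INVENTORY = [
    Device("smart-bulb", "192.168.1.23", True, (1, 0, 0), (1, 2, 0),
           {"cloud", "upnp"}, {"cloud"}),
    Device("doorbell-cam", "192.168.50.10", False, (3, 1, 0), (3, 1, 0),
           {"cloud"}, {"cloud"}),
    Device("smart-tv", "192.168.1.40", False, (9, 9, 2), (9, 10, 0),
           {"casting", "voice"}, {"casting"}, needs_trusted_net=True),
]

def report(inventory=INVENTORY) -> dict:
    return {d.name: audit(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "->", findings or "ok")
```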
Protect Yourself From IoT Attacks
The more pervasive IoT devices become, the more opportunities cybercriminals will have to exploit them for cyber attacks. Protect yourself with the above steps. If there is one thing you should do today to protect yourself online, set strong, unique passwords for each of your accounts and devices.
Keeper Password Manager makes it easy by automatically generating strong passwords and saving them in an encrypted vault. Check out our free 30-day personal trial or 14-day business trial to see how we can simplify cyber hygiene for you or your business.