Staying safe on the Internet of Things

Nov. 11, 2019
The expanding IoT universe leaves even the most common network device vulnerable to attack

As more and smarter items enter the market, it’s clear that our lives are becoming more interconnected with each day. The Internet of Things (IoT) is growing in offices and homes around the world as people aim to centralize their technology and have extended control over every appliance. From Wi-Fi-enabled coffee and washing machines to security systems at work, the applications of IoT seem to be limitless. But beyond the trend-hunting novelty, many of these devices pose sometimes considerable security issues which need to be addressed before more devices expand the IoT universe.

With recent news emerging of an iPhone vulnerability which affected every device running iOS 10 to iOS 12, it’s clear that internet security is a major issue on every device with internet access that we interact with regularly. The vulnerability could have resulted in thousands of iPhone users having their contacts, images, location and app data access by cybercriminals.

More so than issues with just one individual type of device, the proliferation of interconnectedness through IoT means that any vulnerability anywhere could compromise entire systems, resulting in individual personal data at home or masses of sensitive data in business organizations being accessed and exploited at any time.

Issues at Home

In the home, IoT devices can range from washing machines to central heating, allowing users to control their homes while on the go. While this level of foresight is highly attractive to modern workers, the manufacture of many of these devices leaves security to an afterthought, making them particularly vulnerable. Some IoT devices save Wi-Fi passwords insecurely, so although breaking into your central heating device may not seem threatening, any device could allow further access to the network. Once in, criminals could monitor internet usage and harvest personal data such as bank details.

There have also been several instances in the past couple of years where home assistants such as Google Home and Amazon Alexa have been discovered to be recording more than initially thought. Leaked data from Google found that recordings from the devices containing personal conversations were being sent to human moderators for the purpose of training. These devices are gaining popularity the world over but many who buy them aren’t considering the personal safety implications of home devices which are always listening.

Workplace Issues

The interconnected office is streamlining administrative tasks and making workers’ lives easier everywhere. However, much like vulnerabilities in home networks, insecure IoT in the office could eventually cost businesses big time through exploitation, lost data and lost revenue. Robust security measures need to be put in place in order to protect businesses from access through IoT devices.

For companies operating Bring Your Own Device (BYOD) policies, ensuring all employees’ devices are reviewed and approved before being used for work purposes is a necessary step to protecting any sensitive data held by the company. Additionally, blockchain technology has been suggested as a way of securing IoT discrepancies, as this creates a decentralized network where access to one point in the system doesn’t grant infiltrators immediate access to anywhere else in the system.

Manufacturing Problems

Ultimately, IoT is solving problems for people at work and at home and is likely not going away any time soon. For this reason, awareness of the safety implications needs to be improved to ensure that customers know exactly what they’re getting when they purchase any device. Home assistants like the ones sold by Google and Amazon need to be more transparent with how they handle client data and allow users more freedom in how their data is used to ensure users’ personal data is as protected as it can be.

Additionally, manufacturers of any internet-enabled device need to pay careful attention to possible vulnerabilities and deal with them before any device is put on the market. As cybercrime is one of the most common crime categories in the U.S., cybersecurity must be prioritized to tackle the swell of malicious actors taking advantage of our ever-expanding networks.

About the Author:

Damon Culbert is a content writer from Cybersecurity Professionals (https://cybersecurity-professionals.com/), a specialist cybersecurity job site worldwide. Culbert has written on cybersecurity for Cyber Defence Magazine, Beta News and CSO.