Is the IOT Secure Enough?

Few technologies have been able to achieve the massive societal revolution that the internet has. Both businesses and consumers have wholeheartedly adopted this innovation, and it's already started to reach every corner of modern life. Perhaps the best example of this is the Internet of Things, or the trend of giving everyday objects like light bulbs and refrigerators the ability to connect to the internet.

The IoT has a host of advantages that could go on to once again change the world. That said, the trend currently has a major obstacle to overcome: security.

Due to their somewhat recent deployment on the market, IoT devices are incredibly unprepared for cyberattacks. To that end, let's explore what threats face the IoT as well as why they matter.

What issues are facing the trend?

The biggest problem that's presented itself with the IoT so far is the fact that people generally don't understand the responsibility behind giving these objects an internet connection. Often, this takes the form of improper device management etiquette.

When IoT devices are first created, they have to be tested. This, along with other reasons, is why these gadgets are often given basic login credentials. Anyone that works for the manufacturer that needs to work with the product simply needs to have access to the list of admin credentials.

The issue with this is the fact that the devices are then shipped out to the customer with these basic passwords and usernames. The average consumer generally doesn't know that they have to change these, which results in multiple gadgets on the market having the exact same basic login credentials.

This is a hacker's delight because it allows them to take control of a huge swath of internet-connected devices without having to put in much work. This enables the criminal to set up a botnet, which is simply a collection of infected devices that the nefarious individual can put to work whenever he needs them.

"This threat isn't some thought experiment."

Dyn attack shows what this vulnerability means

What's more, this threat isn't some thought experiment. This exact vulnerability was used by hackers recently to take down a major internet services provider. Basically, a cybercriminal or a group of like-minded individuals created a giant botnet by releasing the Mirai malware.

This malware variant was created in order to take over devices that were a part of the IoT. Once Mirai infected a gadget, it would brute force a list of known manufacturer login credentials. After gaining admin privileges, the hackers sat and waited.

Finally, on the day of the attack, the cybercriminals used the botnet to direct an incredible amount of data toward the servers of Dyn, a company that acts as a switchboard between websites and the end user. This is called a distributed denial-of-service attack, and it worked perfectly.

Dyn's servers crashed, forcing downtime for huge companies such as Twitter and Netflix. Although most of the damage was contained to users in the east coast, this incident very clearly underlines the threats facing the internet right now.

Microsoft is working to mitigate risks

Clearly, something must be done for the IoT to be considered safe. While this answer is going to need to come from both manufacturers as well as the consumers that use these products, Microsoft is developing a means of improving security.

Microsoft knows that the IoT has immense ramifications for the business sector, which is why they've created a new security solution for Azure IoT, according to Business Insider's Matt Weinberger. This program is meant to give organization the ability to scan IoT networks to check for often overlooked lapses in security.

How this trend develops in the future is entirely dependent on current security concerns, and Microsoft will be well-rewarded for any revolutionary solutions it discovers.

Nov 2016

By: Kayla Tellers