By Emily Newton, Editor-in-Chief at Revolutionized Magazine
Internet of Things (IoT) devices are everywhere — and market research suggests they are about to become much more popular.
However, experts are concerned about the potential impact of poor IoT device security. Insecure items could leave businesses and consumers much more vulnerable to malicious software or cyberattacks.
IoT security is an evolving field with emerging best practices and standards. IT professionals that need to protect these devices should know how secure they are right now and how things may improve in the future.
The Potential Security Limitations of Wearables and IoT Devices
IoT devices and wearables often come with a few significant security vulnerabilities that IT professionals must consider. This is due to a handful of design oversights. These are a few of the most common issues IoT items will ship with.
1. No Access Controls
Many wearables and IoT devices are shipped without proper access control or security mechanisms. A wearable item may trust the local network to the point that any access from it is seen as legitimate.
Devices may also have easy-to-guess default passwords that users are not required to change or even know, making their data much easier to access. These items often have a single access level, and when access privileges are obtained, no further authorization is needed.
There may be nothing stopping a hacker from gaining full access if credentials for a device aren’t changed and are publicly available.
2. Minimal Data Controls and Encryption
Many IoT devices that collect data will store it in an unencrypted format, meaning if hackers gain access, nothing is stopping them from using the stored information.
Wearable and other personally identifying data are increasingly valuable to hackers. They may provide health data criminals can sell on the dark web or use for future attacks. GPS trackers and smartwatches may provide a combination of location, health and personally identifying information that people3 may find useful or valuable.
Data from IoT devices can also be a valuable target for hackers. Confidential information on smart factory processes, the movement of goods around a facility, or other types of operational statistics may all be of interest to criminals.
3. Increased Network Attack Surface
Vulnerable, internet-connected devices can greatly increase a network’s attack surface. Even if people aren’t interested in the data something collects, they may use insecure IoT items as a launchpad for an attack.
IoT attacks have risen consistently over the past few years. The growth in attacks can be explosive — for example, the number of attacks rose 600% between 2016 and 2017 and 500% between 2019 and 2020.
These numbers suggest that hackers are taking advantage of these devices to launch new attacks as IoT adoption increases.
IoT device design may also unnecessarily increase the network’s attack surface. One item may have ports open for services that are not required for it to function, making it more vulnerable than needed to hacking.
4. Obsolete Software and Dependencies
Like any other device, IoT devices require regular updates to be secure. Otherwise, they may become vulnerable to newly discovered exploits over time.
IoT devices must ship with current software and update functionality to allow end-users to easily patch them as needed.
If an IoT device developer goes out of business and can no longer provide security updates, their products may be left vulnerable to an attack.
5. Manufacturers Don’t Always Prioritize Device Security
An IoT device designed with significant security vulnerabilities may become even more vulnerable over time. Developers who fail to ship secure items don’t typically adopt an effective security posture after launch.
The manufacturer may be unresponsive to emerging vulnerabilities, customer concerns and security reports. Communication with end-users may be limited, leaving people on their own regarding device security.
How IT Professionals Can Manage IoT Security Limitations
IoT devices and wearables can be insecure, but significant benefits make them worth using.
Many of these devices are extremely energy-efficient. Piezoelectrics in modern wearables allow machines to charge themselves using energy from vibrations that come with moving, walking, and running. Many IoT devices are designed to consume as little energy as possible, making them cheaper and easier to maintain.
The data IoT devices collect can also be invaluable. Wearables may be able to continuously gather essential health data that end-users need to stay on top of their health. These machines can be used to monitor building systems, important machinery, and the movement of goods around a site or through the supply chain.
Manufacturers can certainly develop secure IoT devices. However, many won’t be designed with safety in mind, which may leave them vulnerable to attack. The right combination of IoT security best practices will help IT workers keep these devices safe. Changing default passwords, maintaining a regular update schedule, and using encryption can help make IoT devices much more secure.
Good cybersecurity practices like network monitoring can provide additional security for businesses that use IoT devices or allow employees to connect smart technology to the company network.
IT Workers Should Be Ready for These IoT Vulnerabilities
The IoT market is growing fast. However, attacks on IoT devices are also rising. IT professionals who work with these machines need to be prepared for the unique security challenges that can arise.
Poor access controls, limited encryption, vulnerable software, and bad vendor security posture can make IoT technology less secure. Good practices can help IT professionals minimize the security risks these devices pose, allowing businesses to take advantage of the benefits they offer without compromising security.
Emily Newton is the Editor-in-Chief at Revolutionized Magazine. A regular contributor to Brilliance Security Magazine, she has over four years of experience writing articles in the industrial sector.