Cybercriminals are always on the lookout for old and new vulnerabilities which they can use as weapons. As business operators and homeowners add internet-connected devices to their networks, cybersecurity holes are bound to appear.
IoT (Internet of Things) devices have consequently joined the ranks of vulnerable gateways for hackers. According to a report by McAfee Labs, malware attacks targeting IoT devices increased by 203% in 2018.
Part of the reason for this exponential rise has to do with the fact that IoT devices notoriously prioritize convenient access over security.
Security camera systems
At present, IP cameras are among the biggest honeypots for hackers. Let’s face it, not everyone can afford a state of the art security camera system. Why even bother when there are lots of cheap options that do more or less the same thing? That’s mainly where the problem lies.
Many low-cost IP camera manufacturers do not invest much in security. In fact, a good number of them base their security system on a similar blueprint. While this is convenient for the manufacturer, it also means that if hackers discover a vulnerability in one, the rest are as good as compromised.
For those who live in smart homes, with a smart hub at the center of your kingdom, you probably wonder how you ever lived without smart things. But did you know that your smart hub could also be a hacker’s gateway into your smart paradise?
Smart hubs currently account for 15% of hacked IoT devices. Thanks to their support for remote access and control over the internet, they have become a major vulnerability. You may wonder what a hacker wants to do with your smart hub.
Usually, however, the smart hub is just a way to get to something else. Perhaps it’s the computer connected to the smart hub, or some other repository of sensitive data.
Network-attached storage devices
Following closely after smart hubs are network-attached storage devices, which account for 12% of hacked IoT devices. Just like in the previous scenario, networks could have vulnerabilities that allow malicious actors to gain access to such storage devices.
Considering that most of these devices hold backups of sensitive data or other information, they are a prime target.
Routers are also an easy target for malicious criminals. The attacks are so prevalent that in 2018 the FBI issued a warning to US households and businesses to reboot their routers.
If a 2019 Avast report is anything to go by, many seem to have ignored this warning. Per this report, 60% of router users have never updated the firmware on their routers. In fact, many seem to forget about the router soon after setup, often leaving them vulnerable to simple attacks.
Another risk has to do with weak passwords, which attackers make use of to gain access to the device. Worse still, having access to the device potentially means that they can access other devices on the network. Some use this opportunity to steal credentials while others use it for crypto mining. Oftentimes, users won’t even realize they have been compromised until it’s too late.
Hackers are also targeting streaming devices to gain access to a variety of other devices. There have been reports of illicit streaming devices making their way past home network security systems and infecting users with malware.
The devices in question look legit, but instead of connecting to sites like Netflix, they connect to pirate apps. Since they come pre-installed with illicit software, users are often unaware of the dangers. They steal sensitive information, such as financial data and passwords, and download malware to connected devices.
In other cases, they are using media players to get access to and control devices. By manipulating subtitle text files, they are able to take control of smartphones, tablets, computers and even smart TVs.
Subtitle files for TV shows and movies are usually created by countless writers then uploaded onto online repositories. They typically contain Java code or HTML making them an easy point of entry for malicious attackers. This is because such code can hide malicious commands allowing an attacker to take control of any device running specific media players.
Your smartphone is probably your hub for everything, from work-related stuff to financial apps and everything in between. It’s easy to see why hackers are targeting smartphones, even more than computers.
A smartphone not only has your sensitive data but also knows where you are at any point, has your photos, passwords and friends’ details among other things. Hackers use various loopholes in your phone operating systems to introduce bugs. Thus, they can turn on the microphone or camera to carry out mischief. Unsecure sites, unknown apps and obsolete firmware are other common gateways for bad actors.
Moving out of the crosshair
As connected devices increase in popularity and number, the threat surface expands and the risk potential increases. The above paints a grim picture for almost everyone in our increasingly digital world. IoT devices have brought so much convenience into life as we know it. But the situation does not necessitate moving to a remote off-grid location to avoid falling victim. Rather, there are some simple measures that could make a world of difference.
- Don’t use default passwords
Though many devices do not prompt users to change the default password during initialization, it is wise to make this a standard practice. Beyond changing default passwords, it is also crucial to ensure that every password is unique and complex.
- Don’t skip updates
Software updates usually contain patches for bugs and other security fixes. The more obsolete your firmware, the more vulnerable it is, and vice versa.
- Reboot once in a while
Periodically rebooting the devices on your network also plays an important role as it can remove malware that has found its way into them. Finally, if at all it is possible, allot some time to block or close unused ports as that would also serve as a deterrent.
- Use a VPN
You would rather keep your use of some IoT devices discrete. Well, running a VPN on your router will help you do that. Moreover, it will also encrypt any data these devices transmit, potentially saving you from a man in the middle (MITM) attack.
Keep in mind that a network is only as strong as its weakest link so keep the above simple security measures in mind and keep your chain strong.