The Internet of Things (IoT) refers to objects that automatically send and receive data over the Internet. Consulting firm Gartner estimates that this year we will have some 9,000,000,000 (nine billion) of “things” connected to the Internet. A third of them will be used by companies, and the rest by households and governments to manage public spaces.
What are the risks?
Although many risks are not new, the sheer scale of the interconnectedness of these “things” increases the possible consequences of known risks and creates other new risks.
In 2016 to 2020 the number of largest recorded attacks so far.
Attackers take big advantage of this scale to infect thousands of devices at once (the Mirai zombie network controlled 500,000), allowing them to access the data on those devices, use their computing capabilities, attack other computers or devices, or even provoke direct damage to people. See some examples:
Ordinary cars can accelerate or brake, turn off or activate airbags without warning, causing an accident or injury to you or third parties. Surveillance cameras, computers, smartphones, and televisions can be controlled to take pictures and record videos without you knowing. How would you feel if compromising photos of you or a family member were posted? How would it affect you at work or at your children’s study places? Of phones and smart watches can be drawn about the places you visit and their health habits (sleep, stress levels, weight, physical activity) and medical conditions (such as level of blood sugar). If it were made public or used by unscrupulous companies, it could affect your personal ties and even your chances of accessing loans, insurance or certain jobs.
– OR –
Temperature and humidity controls connected to the Internet can be manipulated to force you to evacuate certain environments, to consume much more electricity than necessary and affect your economy, or to cause your air conditioning or heating equipment to be irreparably damaged.
– OR –
Medical equipment connected to the Internet to send data to your doctor and be supervised by its manufacturers can be controlled to give erroneous results or administer fatal doses.
– OR –
Printers and copiers have microcomputers that store everything they process. Taking control of them, information of all kinds can be known: medical records, trade secrets, public security data.
The capacity of the microcomputers and Internet connections of all these equipment added together, are equivalent to those of the most modern supercomputers. Attackers with access to them can use it for free to send spam, crack passwords, take control of public computer systems (such as power grids, traffic signals, and airports), make sites or web services inaccessible, or even make money (by mining cryptocurrencies ), and everything would be paid for by you. Do these scenarios sound like science fiction? Of all these examples, there are already real cases, some created by investigators and others executed by governments and criminal organizations.
How to secure and protect devices connected to the Internet?
Regulary do updates and change default settings
Evaluate your security settings in a timely manner. A number of devices offer a variety of features that you can adapt to. Allowing certain features to increase comfort or functionality can leave you more vulnerable. It is important to examine the settings, especially the security settings, and select only the minimum options that meet your needs. If you do not know how to do it or have doubts, contact a specialist to advise you.
Make sure you have updated software. When manufacturers become aware of new vulnerabilities in their products, they create patches (updates to their device software) to fix the problem. Be sure to apply the relevant patches as soon as possible to protect your devices. Having updated software is the best way to protect your network.
Use secure passwords. Passwords are frequently the only obstacle between you and your individual information. Some devices are configured with default passwords to simplify their initial setup, making them easy to find on the Internet and offer no protection. Change them as soon as possible to help protect your devices.
Control online status of IoT if possible
Connect them only when necessary. Whenever your IoT device gets connected to the Internet and gets online status, it is also connected to a number of millions of other computers, which could create a way to attackers’ access to your device. Assess whether you need to leave them connected to the Internet for 24 hours.
Do changes only if you know what you do
Consult with specialists. When we do not know how to repair a water loss, we call without doubt the plumber; for the electrical installation, to the electrician. With high-tech devices, as much as sales managers make it seem easy to manage and secure, this is not always the case. If you do not know how to do it, do not have the necessary time, have doubts or want an external review (punctual or periodic), turn to specialists with proven experience.