IoT: Advantages and Vulnerabilities

Without a doubt, IoT devices have been developed to make life easier for us. But if we do not take a series of measures, the vulnerabilities of the Internet of Things can end up negatively affecting the continuity of our business.

 

It is difficult to give an exact figure. According to some estimates, by 2020 there will be more than 20,000 million devices connected to the Internet. Other sources speak of 30,000 million, and the most daring predict that the figure will exceed 50,000 million. Many of them, in addition to being connected to the Internet, will be connected to each other. That relationship is what is known as the Internet of Things, hence the abbreviation IoT.

Without a doubt, the IoT is here to stay, and interconnected devices are set to make life easier for us both personally and professionally. As the Office of Internet Security (OSI) points out, the Internet of Things has many uses: from home automation to medicine and health care, including automation and control of production processes, transport and logistics, agriculture, livestock, forestry and video surveillance. In short, it can be applied to a wide variety of activities.

What kind of smart devices are there in an office?

 

Among them is insurance brokerage, whose professionals use various smart devices to carry out their work. In this regard, the National Institute of Cybersecurity (Incibe) points out that, although every office is different, many workspaces already have some of the following:

  • Printers and photocopiers with Internet connection
  • Network storage servers (NAS)
  • Videoconferencing systems
  • Presence control systems
  • Thermostats
  • IP web surveillance cameras
  • Alarms with remote control
  • Power outlets with remote control
  • Smart USB hubs
  • Smart TVs
  • Small appliances

At this point it is worth asking: beyond smartphones, computers and tablets, are SMEs concerned with protecting the devices connected to the Internet or to the company's internal networks? To what extent do they consider whether those devices are vulnerable? Do they have in-house or external staff responsible for designing and implementing appropriate cybersecurity measures?

What risks does the Internet of Things entail?

At first glance, IoT devices may seem harmless to the cybersecurity of our networks and companies. However, Incibe warns that this is not the case. Because they are connected to the Internet, cybercriminals can access and compromise them. In this sense, it is estimated that 70% of IoT devices are vulnerable to the simplest attacks. This is because they are marketed with lower security standards than other network devices, which makes them easy and very attractive prey for cybercriminals who want to access the “guts” of an organization.

In statements to the Efe Agency, Maya Horowitz, director of the Threat Intelligence Group of Check Point, an Israeli company specializing in cybersecurity, warns of the risks involved in the IoT:

“By themselves, connected devices are not particularly dangerous. But cybercriminals attack them to integrate them into a ‘botnet’, a network of infected and remotely controlled devices. Devices that, in many cases, store their data in the cloud. And the ‘cloud’ world, despite what is usually thought, also has its vulnerabilities.”

On the latter, Josep Albors, responsible for Awareness and Research at ESET Spain, offers an interesting reflection on We Live Security, the blog of the Slovak computer security firm:

“The manufacturers (of the devices) have almost completely neglected a crucial section such as security. And users are aware of this: 70% of respondents to a study believe that IoT devices are not safe, especially in terms of privacy. But, despite this, 62% would not stop buying them. It is very important to be aware of the vulnerabilities that they entail, since they can be easily exploited by cybercriminals to create ‘botnets’ that make it easier to use the devices for their own benefit.”

What attacks can IoT devices suffer?

As Josep Albors commented, many smart devices leave the factory without appropriate security standards. For example, they may have a default username and password that, in some cases, cannot be replaced with other, more secure credentials. Other vulnerabilities include absent or insecure encryption of communication with the cloud, server or user, the lack of updates to correct security flaws, and the presence of “back doors” that facilitate access to the device.

And once that objective is achieved, the OSI warns, the vulnerabilities of IoT devices can be exploited to carry out, among others, the following cyber attacks:

  • “Ransomware”. It is one of the cyber attacks currently in fashion and is based on the hijacking of devices. These are not released until the ransom is paid, an action that does not guarantee that control of the device will be recovered.
  • Denial of service attacks. Also known as DoS or DDoS, they involve taking control of a device and adding it to a network of infected computers that jointly attack predefined targets.
  • Information theft. Attacking an IoT device allows access to others connected to the Internet, which paves the way for stealing documents, files and service credentials.
  • Manipulation of measurements. If a smart device is attacked, cybercriminals can cause failures related to power supply or heating, the opening of doors, the operation of appliances, etc.
  • Privacy. Through an attack on an IoT device it is possible to know where a person is, as well as their habits and preferences.

10 tips to protect our smart devices

From all of the above, it is clear that IoT devices have been developed to make our lives easier. On the personal side, it is likely that many readers of the Xenasegur blog have bought a smart watch or bracelet to use it, among other functions, as a pedometer or calorie consumption meter. And from a professional perspective, they can also help streamline the work of an insurance broker or bring the concept of the smart office to life in a brokerage.

But, as we have seen, IoT devices have vulnerabilities that are exploited by cybercriminals. Therefore, pending the development and approval of regulations that force manufacturers to build safer devices, it is necessary to take into account these security tips provided by the OSI:

  1. Whenever possible, change the username and password that the device ships with by default.
  2. It is advisable to isolate the devices in a separate network to prevent someone who accesses the Wi-Fi network from interacting with them. If we do not need to access our network remotely, the right thing to do is to disable remote administration.
  3. In addition to using strong passwords, IoT devices have to be “shielded” with WPA2, a system for protecting Wi-Fi networks. The security of the router also needs attention, to prevent cybercriminals from accessing it.
  4. It is also advisable to set up traffic filtering to prevent unauthorized traffic from being directed to a specific device or out of the network.
  5. The information that a device holds or receives must be encrypted to prevent theft, manipulation or modification of the actions to be performed.
  6. Through periodic scans, an antivirus will help us detect infections or vulnerabilities.
  7. When the control and management applications of an IoT device are used on a mobile phone, it must be verified that the permissions granted are only the ones the application needs; those that are not necessary for its operation must be disabled.
  8. It is important to read the privacy policies of an IoT device to know what information is collected, stored and used by the company that created it.
  9. Both the software and the firmware of IoT devices have to be kept up to date.
  10. As in the field of health, in cybersecurity prevention is better than cure. A company's cybersecurity policies must consider all risks, including those involving IoT devices.
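
Tips 2 and 4 (a separate network for IoT devices, no remote administration, and traffic filtering) can be checked against connection logs. The following is an added example, not code from the OSI or from this blog; the subnets, the egress allowlist and the flow records are constructed, and each record is assumed to describe who initiated a connection.

```python
import ipaddress

# Constructed addressing plan (assumption): IoT devices sit on their own subnet.
IOT_NET = ipaddress.ip_network("192.168.50.0/24")
OFFICE_NET = ipaddress.ip_network("192.168.10.0/24")
# Constructed allowlist: the only outside (host, port) pairs IoT devices may contact.
IOT_EGRESS_ALLOW = {("203.0.113.10", 443), ("203.0.113.20", 123)}

# Constructed connection-initiation records: "source destination destination_port"
SAMPLE_FLOWS = """\
192.168.10.21 192.168.50.7 631
192.168.50.7 192.168.10.21 445
192.168.50.9 203.0.113.10 443
192.168.50.9 198.51.100.77 23
198.51.100.5 192.168.50.12 80
192.168.10.30 198.51.100.80 443
"""

def zone(addr):
    """Classify an address as 'iot', 'office' or 'internet'."""
    ip = ipaddress.ip_address(addr)
    if ip in IOT_NET:
        return "iot"
    if ip in OFFICE_NET:
        return "office"
    return "internet"

def check_flow(src, dst, port):
    """Return the name of the violated rule, or None if the flow is acceptable."""
    s, d = zone(src), zone(dst)
    if s == "iot" and d == "office":
        return "iot-to-office"        # tip 2: IoT must not reach the office network
    if s == "internet" and d == "iot":
        return "inbound-to-iot"       # tip 2: remote administration should be off
    if s == "iot" and d == "internet" and (dst, port) not in IOT_EGRESS_ALLOW:
        return "unapproved-egress"    # tip 4: filter traffic leaving the network
    return None

def audit(flow_text):
    """Return (src, dst, port, rule) for every record that breaks a rule."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        try:
            src, dst, port = parts[0], parts[1], int(parts[2])
            rule = check_flow(src, dst, port)
        except (IndexError, ValueError):
            continue                  # skip malformed records
        if rule:
            findings.append((src, dst, port, rule))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Connections started from the office network towards an IoT device, such as sending a job to a printer, are not flagged; only traffic that the isolation and filtering rules are meant to stop is reported.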