IoT (Internet of Things), the phrase that describes non-computer devices with Internet connections, is extremely vulnerable to hacking and exploitation. IoTs like cars, refrigerators, and webcams that are connected to the Internet, are sitting ducks for hackers. According to a study released by HP a few months ago, almost 75 percent of Internet-connected devices, including Smart TVs and webcams, had security vulnerabilities. The first recorded large-scale IoT hack took place in December 2013, during which, gadgets ranging from routers and smart televisions to even a smart refrigerator sent more than 7.50 lac malicious emails to targets.
Unfortunately, the companies that manufacture and market such IoTs, seldom have security in their mind. During a recent Black Hat security conference that was geared toward hacking “smart devices”, security researchers from the University of Central Florida demonstrated how they could hack a Nest Thermostat. By plugging a USB device into the Nest, they put it into “developer mode” and uploaded their own custom firmware.
The extent of concern can be gauged from the fact that FTC (Federal Trade Commission) has recently offered $25,000 as a reward to anyone who can fix the security holes in smart gadgets that leave doors open for hackers to exploit them. The FTC had also published a report in 2015 highlighting the enormous security issues posed by over 25 billion devices connected to the internet. The problem stems from the proliferation of smart devices, including things like light bulbs, stereos, televisions and refrigerators,that connect wirelessly without adequate security.
How does one protect such gadgets (to some extent at least)? The best way is to change the default password and avoid connecting the gadget to the Internet, unless absolutely essential. If connected to the Internet, the gadget must be behind a properly configured router and firewall.
In the contest that opens on March 1, 2017 and closes on May 22, 2017, FTC has offered the top prize of $25,000 for the best technical solution and up to $3,000 for honorable mentions. Any takers?
About the author:
Mr. Satish Warrier- Cybersecurity
He is a seasoned Information Security professional, having handled the role of a CISO for over 15 years in Banking, Manufacturing, FMCG, Retail and Real Estate Sector. Besides being an MBA, Satish has done his Computer Management course from Jamnalal Bajaj Institute of Management Studies..He was the first CISO (Chief Information Security Officer) of IDBI Bank, having set up, from scratch, the entire security infrastructure of the Bank to protect the core banking application and alternate banking channels such as ATM, POS, Internet Banking, Mobile banking, etc. from internal and external threats.