During the digital transformation process, the Internet of Things (IoT) isn’t just a concept that describes the technology that connects objects and devices to the Internet in order to obtain additional information. It is a reality that is quickly conquering our homes. Besides smart TV, air conditioning, printers, refrigerators and smartwatches, the Internet of Things also includes baby monitors, pacemakers, insulin dispensers, thermostats, wearable devices and home entertainment devices. And don’t forget the popular voice assistants such as Alexa or Google Home.
According to a study conducted by Gartner, by the end of 2020 there will be four devices connected to the Internet per each person in the world. It’s estimated that the number of connected objects will reach the 20 billion mark, which means a 238-percent increase since 2018.
Some examples might be useful to understand how serious this is. In 2016, surgeons implanted a pacemaker into Marie Moe, but omitted to tell her the device could connect to the Internet and lacked any kind of security configuration, therefore vulnerable to cyberattacks. What would have happened if the pacemaker was hacked?
Voice assistants can already manage locks, alarms, fire control systems and lights, among other things. And they can be set up outside home, thanks to the excellent microphones they have. This situation can be prevented adding cybersecurity solutions that identify the authorized users, whether for their voice patterns or by the integration with CCTV systems and facial recognition.
The lack of knowledge from the users and the difficulties to solve the vulnerabilities from the providers are two key elements that generate opportunities for attackers.
The main risks of Internet of Things include:
- Utse the Universal Plug and Plug (UPnP) protocol to sign in, set up and control the devices remotely, without authentication.
- Use factory-set passwords to send mailware or spam, or to steal sensitive information.
- Use the IoT device to make physical damage
- Overload the devices until they become inoperable
- Interfere in business transactions
- Implement insecure services through HTTP or MQTT
To avoid inconveniences, it is necessary to have a cybsersecurity strategy. These are some of the main things to consider.
- Change the factory-set passwords by robust passwords made up of a combination of letters, numbers and special characters.
- When possible, use separate Internet networks for IoT devices and computers, smartphones and tablets.
- Keep devices updated.
- Monitor the data use, consumption and traffic of each device
- Make regular security checks
If we become distracted, technology can become an enemy. Luckily, it’s only a matter of paying attention and taking up secure habits.