The Internet of Things (IoT) has
entered our lives and has opened the doors for a new set of security threats.
Have you ever thought about what could happen if your IoT-connected
refrigerator was hacked? A kettle that you can turn on remotely using your
phone. A refrigerator that tells you what food is on its shelves. The trainers
who tell you the distance you jogging. We can easily give an examples of IoT in
our lives. But have you ever considered
their safety?
For example, suppose you purchased an
IoT-connected kettle with a standard default password and user name. You do not
change the password and the manufacturer does not warn you; Suppose that the
necessary security and data encryption measures are in place. What can a hacker
do to detect this fundamental vulnerability and install malicious software on
your kettle? Your attacked kettle can then be used to attack a targeted
website, and what you perceive as a inanimate object can create a security
nightmare.
The recent DDoS (distributed denial
of service) Dyn attack also showed the need for an IoT security wake-up call.
The October 21st attack included a cyber weapon called Mirai botnet, an IoT
device used to bomb Dyn servers, such as digital cameras and DVR players. After
the attack, a senior member of cyber security at the Council on Foreign
Relations; David Fidler noted:
“We have a serious security issue
with cyber security of IoT devices and we have no real strategy to combat it.
Imagine what a well-sourced state actor can do with unsafe IoT devices.” Accordingly,
security experts predicted the rise of the "Security of Objects" of
the current year - new solutions, software and tools are needed to solve the
security problems of smart devices.
What is really worrying is that IoT device
owners are often not aware of the attacks. The reason for this is that once a
device has been intercepted, it is impossible to say that they were attacked
because they normally continue to function. When these devices, the targeted
system, corporate servers, and even the same network with confidential
government data are located, new scenes behind the problems continue to emerge.
The point is that there is no way to develop an adequate security strategy
without knowing which devices are exchanging data on a particular network or
the Internet as a whole. In theory, each device added to a network needs to be
evaluated for security.
