The growing array of devices that can be connected to the internet causes consumers to be increasingly susceptible to cybercrime. Every smart TV or networked lightbulb we set up in our home or office can become a silent soldier sent by hackers to the global battlefield of cyberwarfare.
The global smart home market is expected to reach an estimated $107.4 billion by 2023
Looking at the figures, the future of the smart home market looks attractive. Vendors now see opportunities in home safety and security, appliance, entertainment, lighting, HVAC, healthcare, and kitchen applications. The global smart home market is expected to reach an estimated $107.4 billion by 2023 with a CAGR of 9.5% from 2018 to 2023. The major growth drivers for this market are increasing awareness related to safety and security, increasing consumer need for simplicity and personalized experience, and the growing adoption of cloud-based technologies, according to the same report. Smart TVs are currently the most popular connected devices after smartphones, laptops, and tablets. People use them even more often than traditional desktop terminals, baby monitors and intelligent clocks.
Cybercriminals send to the battlefield “armies” of smart devices
Devices connected to the Internet may have a number of common vulnerabilities, ranging from severe security issues to weak authentication mechanisms and even unencrypted communication with the manufacturer’s servers, which allow attackers to access them unauthorized. Cybersecurity specialists draw attention to simple mistakes made frequently by smart gadget users. One common mistake is to connect all your devices to the same Wi-Fi network. This makes them vulnerable to cyber attacks, as each gadget expands the attack area and represents a potential gateway. One recommendation is to connect your smart devices to a network that is separate from the one you keep your laptop or phone on. Smart gadgets typically have very low access credentials (username and password only), so attempts to break passwords are very popular. Once compromised, attackers can easily reach laptops and phones if they are connected to the same network and access confidential data.
Users who don’t use up-to-date software are exposed to situations where attackers can exploit vulnerabilities already known and subsequently corrected by software manufacturers and target victims who are still using the outdated version of those programs. Counting on the fact that some users do not switch to the latest version as soon as they are available, hackers can infect devices with computer threats, such as ransomware (perpetually block access to data, unless a ransom is paid), or create an IoT botnet and then stop the activity of popular sites.
For example, a large number of remote-controlled TVs can be used by cybercriminals to launch distributed denial of service (DDoS) attacks. During these attacks, the “army” of smart devices now controlled by cyberpunks are simultaneously accessing a site, which stops it from functioning. In February, Bitdefender specialists identified a network of tens of thousands of smart gadgets, remotely controlled by attackers, capable of rapidly infecting any vulnerable device and spying on the victim’s privacy. The Hide’N’Seek Investigation has revealed an increased level of complexity and novelty regarding the theft of personal information, ideal for blackmail. The attack-controlled network has reached almost 100,000 infected terminals in more than 100 countries. The biggest botnet attack occurred in the fall of 2016, when a malware called Mirai, operated using intelligent devices, led to blockages for services such as Twitter, Spotify, The New York Times, Reddit, Yelp, Box, Pinterest, and PayPal by overloading the Domain Name System (DNS), a critical component of the digital infrastructure.
Consequences and countermeasures
Potential consequences of an IoT data breach include significant financial and reputational damage, as a result of the loss of sensitive personal or enterprise information. Many experts support the idea that IoT device manufacturers and developers should be held accountable for the flaws in their products, advocating for industrywide standards.
For organizations adopting IoT technology, it is crucial to establish a so-called “incident response team”. After an attack, the team must remediate vulnerabilities and disclose data breaches to the public. Another efficient countermeasure is implementing devices that are capable of receiving remote updates, thus minimizing the potential for cyberpunks to exploit outlying weaknesses. In order to protect users’ privacy and sensitive organization data, security leaders must invest in reliable data protection and storage solutions.
While analyzing the potential increase in efficiency and productivity in both domestic and enterprise settings, always take into account the consequences of data theft or illegal takeover of the devices themselves. At the moment, even the top security solutions cannot create a bulletproof system, so IT professionals and device owners must take security into their own hands by following basic best practices in IoT deployment.
