Smart devices, often referred to as “IoT” or Internet-of-Things, connected by the internet are access points for hackers to infiltrate your networks and devices. CCTV cameras, printers, fridges, TVs, locks, bulbs, and so many other devices are now becoming “smart” to make life more convenient and efficient. However, it is crucial to think about this — is your smart device safe from cyber attacks?
In 2016, hackers used smart devices as weapons to attack several popular websites and shut them down. Spotify, Facebook, Reddit, and Twitter were some of these websites that were victims of these cyber attacks. Each of these platforms directs customers to its website through a company named Dyn, which was the target of the attackers.
Dyn is a DNS service, which functions as an internet "phone book" by directing users to the website's IP address. Such services are critical components of web infrastructure.
It was targeted with a distributed denial of service (DDoS) attack, which uses thousands of machines to transmit coordinated messages in order to overwhelm the service. Several million internet addresses were involved in this "global event."
According to security specialists, these attacks were carried out through the "internet of things," or web-connected household appliances. WiFi-connected devices can be susceptible to cyber attacks due to various vulnerabilities in their design, configuration, or security protocols. These IoT devices can be easy access points for cyber attackers, and here are a few reasons why:
Many IoT devices come with default passwords, and users often neglect to change them. Hackers can exploit this by attempting to access devices with default credentials, gaining unauthorized control.
Some IoT devices may not receive regular firmware or software updates. Without security patches, vulnerabilities in the device's software remain unaddressed, making it easier for attackers to exploit them.
Weak or non-existent encryption in communication between the device and the network can expose data to interception. If the data transmitted is sensitive, it becomes a potential target for cyber attackers.
Some IoT devices may have poorly implemented security protocols or may lack essential security features. Also, their software is not up-to-date which makes it easier for attackers to bypass security measures and gain unauthorized access.
Many IoT devices are constrained, meaning they have limited processing power and memory, making it challenging to implement robust security measures. This limitation can be exploited by attackers to compromise the device.
Manufacturers often set default settings for ease of use, but these settings might not be the most secure. If users do not review and adjust these settings, it creates an opportunity for attackers to exploit default configurations.
If the WiFi network itself is not secure, attackers can gain access to the connected devices by compromising the network. This emphasizes the importance of securing IP-based networks with strong encryption and a secure password.
Some IoT devices may be physically accessible, providing an opportunity for attackers to tamper with or compromise the device directly. For example, physical access to a smart thermostat or security camera could lead to unauthorized control.
As many devices in the IoT environment are interconnected with multiple devices and networks, compromising one device can provide a gateway to others. Once inside the network, an attacker might pivot from one device to another, gaining access to your ICS systems and even your corporate IT systems.
So, even if you think your OT systems are safe, a small vulnerability in IoT devices that sends data packets to OT systems can put your entire operational technology at risk! Manufacturers and developers play a crucial role in addressing these vulnerabilities by designing and maintaining secure devices and systems. MicroSec’s solutions help address these vulnerabilities and secure your OT network by monitoring, detecting, and encrypting your network and devices.