7 IoT Devices That Make Security Experts Cringe

Every day, a large number of IoT devices that have not undergone strict security testing connect to our lives. We must realize that this is a process of gradually accumulating risk. We require vehicles on highways to comply with safety standards and undergo annual inspections to ensure traffic safety, yet IoT devices on the information highway face no comprehensive product network security standards or requirements, and even less supervision of their operational safety. Various signs indicate that cyber attacks and privacy breaches in the field of smart IoT applications are rapidly evolving.

The following summarizes seven widely used IoT devices that pose significant security risks and cause headaches for professional security personnel:

01. IoT Surveillance Cameras

Whether for urban streets, corporate facilities, schools, or hospitals, IoT cameras have become mainstream applications for monitoring our interconnected lives. Even without considering the numerous privacy concerns arising from surveillance video leaks, other security risks associated with IoT cameras have surfaced. The rise of the Mirai botnet and the DDoS attacks it caused are typical examples of the threats posed by cameras, as attackers are adept at exploiting security vulnerabilities in IoT cameras to create bot armies for illegal attacks.

Security researchers indicate that IoT cameras are often rife with flaws, including a lack of authentication in the protocols used for streaming video and the absence of encryption for communications between the camera, applications, and servers. These flaws not only facilitate Mirai-style DDoS attacks but also open the door to targeted attacks, including remote takeover of cameras and commercial fraud.

02. Robotic Vacuum Cleaners

Did you realize that when robotic vacuum cleaners roam around rooms and offices, they may not only be cleaning dust but also mapping the layouts of these spaces and transmitting this data back to the cloud database of the device supplier? Many people may not have realized this until now, as most do not think deeply about how vacuum cleaners work.

But this is a fact; just months ago, Amazon acquired Roomba’s manufacturer iRobot for a whopping $1.7 billion, making it one of the largest companies with detailed consumer spatial data globally. This acquisition, as another instance of Amazon collecting IoT data, has once again raised alarms among privacy advocates. Robert Weissman, president of consumer advocacy group Public Citizen, stated, “Amazon’s move is not just about selling another device in its marketplace, but about obtaining more details about our private lives to gain an unfair market advantage and sell us more products.”

03. Smart Speakers

“Hey, smart speaker, tell me, what are the cybersecurity risks of connecting you to the cloud?”

Major internet giants have successively launched smart speaker products equipped with numerous irresistible features, making it difficult even for security professionals to resist the temptation to use them. Surveys show that many security professionals use various smart speakers, not only because they are fun but also because they make life convenient, allowing control of lights, music, and more with a simple voice command. However, this convenience undoubtedly increases security and privacy risks.

Currently, the various potential risks associated with smart speakers have been fully exposed, ranging from vendor eavesdropping to analysis of consumer behavior, to being hijacked by malicious actors to monitor corporate activities. However, the industry still lacks sufficient technical measures and standards for privacy protection in smart speaker applications.

04. Smart Toilets

Smart toilets are now widely used and provide great convenience, making life more comfortable. In the future vision for smart toilets, scientists are beginning to add more capabilities. They believe that people have unique biometric characteristics on their backs, similar to fingerprints, and that smart toilets could identify certain diseases at early stages. Other ideas include toilets that can remotely screen waste and upload data to detect signs of disease.

A survey by Thomson Reuters shows that only half of the respondents feel comfortable using smarter toilets, while 30% indicated they would resist connecting smart toilets to IoT systems due to security concerns.

05. Vehicle IoT Applications

Vehicle IoT applications are currently the most talked-about focus in the IoT field, with many service providers heavily promoting the benefits of this application, such as streamlining payment processes, recovering stolen vehicles, and enabling safe driving.

However, when it comes to other kinds of monitoring or tracking, smart vehicle IoT applications undoubtedly open the door to various security and privacy issues, giving malicious actors opportunities to illegally track and manipulate vehicles. Moreover, when vehicle IoT systems malfunction, the result can be a multitude of vehicle availability issues.

It is worth noting that smart vehicle IoT applications are becoming a normal and permanent part of driving, and addressing the security challenges they pose will be a long-term process.

06. Smart Home Appliances

Security vulnerabilities are no longer solely the responsibility of corporate security personnel; many homemakers must also face firmware malfunctions in smart microwaves and water heaters. Ten years ago, this situation might have sounded like a “tall tale,” but it is becoming increasingly common.

This year, a well-known microwave manufacturer mistakenly rolled out incorrect wireless firmware updates across Europe due to human error by a system administrator, causing microwaves to misidentify themselves as steam ovens, resulting in the damage of tens of thousands of devices. While smart appliances like ovens, microwaves, and refrigerators may not necessarily pose enormous corporate risks like other IoT devices, such situations raise appropriate risk assessment questions: “Is the return on making these devices ‘smart’ really worth it?”

07. Smart Door Locks

Mechanical door locks are the most fundamental, tangible, and familiar security barriers in our daily lives. People lock doors expecting to keep bad actors out, but there is an old saying in the security industry: “Locks keep out gentlemen, not rogues.”

In the era of IoT “smart locks,” things have become even worse, as the tools for unlocking are no longer hooks but scripts and sniffers. As a device, smart door locks sound cool and are convenient for the average person. However, these devices also pave the way for some attack scenarios.

Smart door locks often come with many seemingly advanced security features, including fingerprint readers, anti-peeping touch screens, and app control via Bluetooth and Wi-Fi. However, these connected features leave users feeling uneasy about security, as attackers can physically locate and remotely control any smart door lock connected to the vendor’s cloud infrastructure while also stealing users’ private data.

Conclusion

Among the widely used IoT devices, most have various security issues. Therefore, while we enjoy the convenience brought by smart IoT devices, we must enhance our awareness of cybersecurity, understand relevant knowledge, and learn techniques for network defense. The following suggestions can help us use smart IoT products (systems) more safely:

  1. Apply security patches promptly. The network environment is the foundation for the normal operation of the entire IoT. As regular users, we should promptly install firmware updates and software patches for our devices to cope with constantly evolving network attack methods, ensuring the security and reliability of our IoT device applications.

  2. Monitor abnormal changes in network traffic. Utilize the router’s traffic management features to view the network data flow of IoT devices, enabling early detection of suspicious data transmission behaviors and timely blocking of network attacks.

  3. Strengthen identity authentication management. When connecting smart IoT devices to the internet, users are advised to use strong passwords to strengthen identity authentication and defend against password cracking, unauthorized access, sniffing, and other attacks. Most IoT devices connect to a central control device, so to prevent IoT devices from being compromised by botnets, it is recommended to regularly update the management password of the central device.

  4. Avoid using open-source component products. Many IoT products use open-source code components to build software systems for cost reasons. Such software systems make it easier for attackers to find code vulnerabilities, and many security incidents indicate that attacks on these products are often more frequent than on non-open-source products.

  5. Purchase products from mainstream IoT service providers. When selecting smart IoT devices, it is advisable to purchase products from mainstream manufacturers, as large manufacturers typically have higher security requirements for their products and can promptly patch any vulnerabilities found.
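
One way to act on suggestion 2, as an added example that is not part of the original article: a Python script that compares per-device flow summaries against a baseline and flags volume spikes, previously unseen destinations, and telnet fan-out of the kind Mirai-style bots produce when scanning. The record format, thresholds, device names and addresses are assumptions constructed for illustration; a real router export needs its own parser.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (not from a real router), one flow summary per line.
# Assumed columns: hour, device, dst_ip, dst_port, bytes_out
BASELINE = """\
0,camera,203.0.113.10,443,52000
1,camera,203.0.113.10,443,48000
2,camera,203.0.113.10,443,50000
0,vacuum,198.51.100.7,443,9000
1,vacuum,198.51.100.7,443,11000
2,vacuum,198.51.100.7,443,10000
"""
CURRENT = """\
3,camera,203.0.113.10,443,51000
3,camera,192.0.2.21,23,400
3,camera,192.0.2.22,23,400
3,camera,192.0.2.23,2323,400
3,vacuum,198.51.100.7,443,95000
"""
TELNET_PORTS = {23, 2323}  # ports that Mirai-style bots scan for new victims

def parse(text):
    rows = (line.split(",") for line in text.splitlines() if line)
    return [(int(h), dev, ip, int(port), int(b)) for h, dev, ip, port, b in rows]

def hourly_bytes(flows):
    totals = defaultdict(lambda: defaultdict(int))  # device -> hour -> bytes
    for hour, dev, _ip, _port, nbytes in flows:
        totals[dev][hour] += nbytes
    return totals

def find_anomalies(baseline, current, volume_factor=3, fanout_limit=3):
    base_totals = hourly_bytes(baseline)
    known = {(dev, ip) for _h, dev, ip, _p, _b in baseline}
    alerts = set()
    for dev, hours in hourly_bytes(current).items():
        # A device with no baseline has typical volume 0, so any traffic alerts.
        typical = median(base_totals[dev].values()) if dev in base_totals else 0
        if any(total > volume_factor * typical for total in hours.values()):
            alerts.add((dev, "volume"))
    telnet_targets = defaultdict(set)
    for _h, dev, ip, port, _b in current:
        if (dev, ip) not in known:
            alerts.add((dev, "new-destination"))
        if port in TELNET_PORTS:
            telnet_targets[dev].add(ip)
    alerts |= {(d, "telnet-fanout") for d, ips in telnet_targets.items() if len(ips) >= fanout_limit}
    return sorted(alerts)
```

Calling `find_anomalies(parse(BASELINE), parse(CURRENT))` on the sample data flags the camera for new destinations and telnet fan-out and the vacuum for an outbound volume spike.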

Reference Links:

https://www.darkreading.com/vulnerabilities-threats/7-iot-devices-that-make-security-pros-cringe

Original Source: Security Niu