IOT a hackers paradise

SAN FRANCISCO – With the massive influx of connected devices into our digital lives, it’s no surprise that IoT security was on the forefront of the 2018 RSA Conference this year. But despite numerous talks about IoT vulnerabilities this week, a clear resolution seems nowhere in sight.

“A lot of the manufacturing behind IoT devices today feels like the Gold Rush… everyone wants to get there in a hurry,” said John Cook, senior director of product management at Symantec, speaking at RSAC. “You effectively have people staking out a claim in the area without further thought to security.”

IoT smart home devices make up a particularly lucrative market, with consumer IoT spending set to reach $62 billion in 2018, making it the fourth largest industry segment, according to market research firm IDC. However many of these devices are built with little to no security in mind.

The 2016 Mirai botnet attack,  which was orchestrated as a distributed denial of service attack through 300,000 vulnerable Internet of Things devices like webcams, routers and video recorders, showed just how big of an impact the lack of IoT security has.

Since then, however, little seems to have changed in terms of security for connected smart home devices. Tony Anscombe, global security evangelist with ESET, proved this by spending months testing 12 IoT devices such as smart scales to wearables, and found an array of security issues – from passwords stored in plain text to encryption issues.

“We saw unencrypted firmware updates, unencrypted video streaming for cameras, communication and server in plain text and passwords stored unprotected. We saw privacy policy concerns,” he said during RSAC.

For instance, a Nokia Health Body+ Scale, Nokia’s IoT scale that connects to a smartphone to track progress and collect data like body fat and BMI, was susceptible to a man-in-the-middle (MITM) attack between the Android app and the cloud, allowing hackers to intercept firmware updates and access that data.

While IoT security has been criticized over the past few years, IoT device privacy is another rising pain point highlighted at RSAC, particularly with the rise of voice assistant devices such as Amazon Echo and Google Home.

“One issue we found with these [IoT] devices is that it might not be a vulnerability – it might be that we’re oversharing data,” said Anscombe.

In the case of the IoT scales, these scales could be connected with Amazon Alexa so that data stores various interactions between the scale and the user – a “cybercriminal’s dream,” said Anscombe.

Despite the various security issues with IoT devices, significant steps still need to be taken from both IoT device manufacturers and the end users themselves to ensure device security.

The Dongler is the solution, connect all your Iot devices to it and you protected against Cybercrime, hackers get blocked.