The Internet of Things (IoT) is entering our lives at an increasingly rapid pace. Control lighting or air conditioning from the smartphone position is slowly becoming an everyday reality. Also many companies more and more willingly introduce to its processes the solutions provided by IoT (the so-called Industrial Internet of Things, IIoT). According to the latest forecasts, by 2027 41 billion IoT devices will be connected to the network. While there is no doubt that the Internet of Things offers great opportunities, there is no denying that it can also bring a whole new threats. So it is worthwhile to be aware of the dangers that may be associated with the use of IoT.


Source: businessinsider.com/internet-of-things-report?IR=T



Threats


An extensive network of Internet-connected devices creates many opportunities for hacking attacks. The more of such devices, the larger the space that could potentially be attacked. It is enough that the attacker will hack into one of these devices and gain access to the entire network and data in an instant, that flow through it. This poses a real threat to both individuals and whole of companies.

The loss of data is one of the most frequently mentioned threats posed by the Internet of Things. Improper storage of sensitive data such as name, address, PESEL (personal identity number) or payment card number can expose us to the serious danger of being used in an undesirable way for us (e.g. taking credit, stealing money). In addition, based on data collected by home IoT devices the attacker can easily learn about the habits of the household, e.g. the hours when nobody is staying at home, which may enable him to effectively carry out a burglary.

Another of the threats is the risk of the IoT device being included in the so-called botnet, i.e. a network of infected devices that hackers use to carry out various types of attacks. Most often a common botnet attack is a DDoS attack (Distributed Denial of Service), which consists of combining to the website by multiple devices at the same time, which can lead to its temporary unavailability. Another example of how a botnet works is the use of infected devices to send spam or produce a cryptovalent. All these attacks are carried out in a manner unnoticeable to the owner of the device. It is enough, that we click on a link from an unknown source that may contain malware and unconsciously we become part of a botnet attack.

From the companies point of view, attacks on industrial robots and machines, which are connected to the network can be a significant threat. Taking over control of such devices can cause serious damage for companies. For example, hackers can change the production parameters of a component in such a way that there will not be caught right away, but it will make this component useless. Attackers can also cause disturbances in the operation of machines or interruptions in energy supply. These activities are a serious threat to companies, that could suffer huge financial losses as a result.


How can we protect ourselves?


Although it seems to be impossible to completely eliminate the dangers of using IoT technology, there are solutions that we can implement to increase the safety of our devices. Here are some of them:


Strong password

An important aspect of the security of Internet of Things devices is the password. Very often users use simple passwords, containing data that are easy to identify (e.g. name or date of birth). It often happens that the password is the same for several devices, making it easier to access them. It also happens that users do not change the standard password that is set by the manufacturer of the device. It is therefore important that the password is not obvious. Increasingly often, manufacturers are forcing users to use strong passwords by setting the conditions it must meet, i.e. upper and lower case letters, numbers and special characters. This is definitely a very good practice that can increase security on the network.


Software update

Another way is to regularly update the software used by IoT devices. If manufacturers will detect a vulnerability in their security, they can protect users from a potential attack by providing them with a new version of the software that eliminates the deficiencies detected. Ideally, the device should be set for automatic system update, then we can be sure that the device always works on the latest software version.


Secure home network

Securing your home network is as important as setting a strong access password. In this case, it is also recommended to change the original password set by the router provider. Additionally, the home Wi-Fi network should use an encrypted connection such as WPA2-PSK. For best effect you can use the solution, which is VPN, i.e. a virtual private network, thanks to which transmitted data is encrypted and difficult to understand, even if they are intercepted by unwanted people. It is worth mentioning at this point that the use of open public networks are inadvisable.


Consumptionary restraint

Before buying a given device, it is good to consider whether we really need it, or whether we are treating this more like a cool gadget. Let’s remember that every subsequent IoT device in our environment increases the risk of a potential attack. So let’s buy only the devices we really need.


In addition to the above mentioned actions, which should be taken by users of Internet of Things are important, the manufacturer of the device also takes care of its protection. The encryption of network messages, which secures the interception of data during transport is on its side. The most commonly used protection is the TLS protocol (Transport Layer Security), the purpose of which is to secure the data that is transmitted over the network. In addition, the manufacturer of the device should regularly check its security features, so that it will be able to catch any gaps and eliminate them. It is also good to keep the devices secure from the begining before automatic connection to open public networks.

In June 2019 the Cybersecurity Act was established, which aims at strengthening the cyber security of EU Member States. It regulates the basic requirements to be met by products connecting to the network, which contributes to the safety of these devices. Rapid IoT development makes more similar regulations, which will significantly contribute to maintaining a global cyber security.


The advent of IoT technology has brought a huge revolution, both for individuals and for the whole of companies. Although the Internet of Things brings many benefits and facilitations, you must also be aware that it may pose a threat to the security of our data or ourselves. However, it is worth to remember that compliance with a few our principles can make a significant contribution to safety of your IoT equipment.


Sources:
  1. https://www.businessinsider.com/internet-of-things-report?IR=T
  2. https://medium.com/read-write-participate/minimum-standards-for-tackling-iot-security-70f90b37f2d5
  3. https://www.cyberdb.co/iot-security-things-you-need-to-know/
  4. https://www.politykabezpieczenstwa.pl/pl/a/czym-jest-botnet
  5. https://www.cyberdefence24.pl/rewolucja-w-cyberbezpieczenstwie-ue-akt-ws-cyberbezpieczenstwa-wchodzi-w-zycie