IoT devices pose a significant cybersecurity risk than most realize. Unsecured IoT devices provide an easy gateway for criminals looking to get inside a network. Danny Palmer discusses why businesses and consumers should think twice before connecting.
Security risks are increasing as more and more people connect using IoT devices. I talked with Danny Palmer about the threat facing consumers and businesses, the following is an edited transcript of our interview.
Danny: IoT devices are the new kid on the block when it comes to internet active products, and that goes back to 20 years to when people were first really connecting their computers, their desktops, their laptops to the internet. In many ways, it feels as though we’re at the same stage of IoT devices. A lot of people in their homes, a lot of organizations in their offices and other buildings are rushing in and applying these IoT devices to their network. These can include things like monitors, sensors, some of them are everyday products like your kettle.
These are providing benefits to employees and a lot of times they’re saving costs, they’re saving energy, and organizations really want to make efficiencies and make savings like that. But like every product on the internet, if it’s not secured properly it can mean a way in for attackers, and unfortunately, many IoT devices are built with almost no security at all. If the device is discoverable on the internet, and it’s connected to the rest of the network, it’s an easy to use gateway (node) for attackers.
Karen: Can you expand on any specific examples of this?
Danny: Yes, there’s an infamous example, which is spoken a lot about in the cybersecurity community about how an internet connected fish tank, served as an entry point for a cyber attack, which is basically … The attackers found the fish tank on the internet using a search engine called Showdown. It was basically a directory of every internet connected device out there. This cyber-connected fish tank was not properly secured, so the attackers could get into that.
What they did then is they used it as an entry point to the network, which because it was connected on the same network as computers and everything else you’d expect, they were able to move laterally into other parts of the network and find their way into the systems. Basically, because the fish tank was on the same network as the rest of their computers, it provided a gateway for the attackers to get in and do things. If this fish tank had been internet connected and on a separate network to everything else, it would have been fine but because it was a flat network with everything on the same internet connection, it provided an easy way in for the attackers.
That’s just one of many infamous examples of how the internet of things and cybersecurity issues are becoming more and more common. It’s things that might sound kind of far-fetched, but they’re becoming very real issues.
How the IoT is failing to learn the security lessons of the past (IoT devices pose a significant cybersecurity risk than most realize)
The massive cyberattacks which took down some of the most popular websites on the internet show that device manufacturers are not learning from the mistakes of the past.