The Internet of Things is just beginning to take off. There have been many talks and deliberations on the IoT with many experts saying that it’s the next big frontier for the internet. The IoT has begun integration into devices and we are now seeing the emergence of smart everything; from smartwatches to smart bulbs.
The ability to embed computers in devices has been around for a long time now. However, the ability to connect those devices to the internet so that they can be accessed and controlled remotely has not been there for a long time. That smart devices can connect to the internet of their own and therefore receive instructions remotely has captured the excitement of consumers who are eager for that next generation technology, and this is causing negligence in one very important area; security.
The IoT devices are not a security threat in themselves. However, they present an opportunity through which to access the user’s network and other connected devices. Take for example the recent hacking of a Jeep car through the entertainment system where the test hackers were able to gain control to important car functions such as braking and climate control.
Another is the hack on a Tesla S model where the test hackers were able to gain access to the handbrake and touch screen displays through the entertainment system. These two hacks were carried out from a laptop and the test hackers reported that it was an easy weekend project. At this point we have to state that Tesla to its credit released patch to fix the vulnerability.
There have been reports of smart light bulbs being hacked as they transmitted passwords from one bulb to the next, allowing the hackers to gain access to the Wi-Fi password and therefore all devices connected to the network. There have also been cases of man-in-the middle attacks where s Samsung smart refrigerator was hacked for credentials to the associated Gmail account.
These examples go to show that there is little preparation if any for the security threats that the vulnerabilities associated with the IoT devices present. To stay safe we recommend that the user take measures to secure the network within which the devices are running. This means for example that the user can use a VPN connection to hide the location of the device by making the IPs of devices in the network.
A VPN connection will also encrypt traffic so that a man-in-the-middle attack for example becomes hard to set. Users should also set two point verification for the access to the devices remotely. It is also highly recommended that the users try and not take their devices online when they don’t necessarily need to because that potentially exposes the device, and those in its network to hacking.