The adoption of IoT devices ranging from smart home security monitoring systems to medical devices has grown significantly in recent years and so is the interest of cybercriminals towards it. Cyberattacks aimed at IoT devices are growing at a rapid pace as attackers are trying to find new ways to penetrate and disrupt smart devices and gadgets.
Recent cyberattacks on IoT devices
- A manufacturer of IoT and networking devices, Sierra Wireless, had to stop its production after falling victim to a ransomware attack. The attack had disrupted its internal operations.
- In March, a group of hackers breached around 150,000 IoT security cameras inside hospitals, police departments, prisons, schools, and private companies such as Tesla and Equinox.
- Some common weaknesses had exposed smart sex toys to attacks by hackers, as researchers successfully created proof-of-concept exploits affecting We-Vibe Jive and Max by Lovense smart toys.
The vulnerable edges
One of the major dangers of IoT devices is the exploitable vulnerabilities that exist in the firmware of such devices.
- Researchers have discovered two remote code execution vulnerabilities (CVE-2020-28592 and CVE-2020-28593) in a smart air fryer.
- According to new research, at least 100 million IoT devices are not secure and vulnerable to attacks due to a lack of transparency in IoT supply chains and the use of open-source code.
- Recently, around nine vulnerabilities were discovered to be affecting communications protocols used in IoT devices.
Rescue via the legal front
Recently, the U.K government proposed an IoT cybersecurity law to address device security issues.
- The new (planned) legislation ensures that at the point of sale, the suppliers need to indicate the duration till when their products would receive security updates and patches.
- The legislation also bans suppliers from using universal default password presets, and forces them to make vulnerability reporting easier by providing public contact information.
Organizations and users need to realize the importance of security risks associated with smart devices. Organizations are recommended to assess each device’s security and invest in solutions that integrate IoT security to protect the network, data center, endpoint, mobile, and cloud.