5 Security Flaws Commonly Found In IoT Devices

While programmers and manufacturers of IoT devices likely have the best intentions in mind, hackers are always one step ahead. The minute a new generation of products is connected to the web, there is someone somewhere trying to access them with malicious intent.

Over 50% of IoT devices are vulnerable to severe attacks and an astonishing 98% of IoT device traffic is unencrypted. At the same time, use of these devices is exploding in both the home and business markets.

Between 2020 and 2025, the number of connected IoT devices is projected to rise from 20.4 billion to 75 billion.

These smart gadgets are just one more complication in the cybersecurity strategy for any Rhode Island business, which has already been impacted by the use of cloud, mobile devices, and a remote workforce.

Unfortunately, IoT device security hasn’t quite caught up to that of PCs and servers from both the manufacturers’ and users’ standpoints. While companies can control bandwidth priority using Quality of Service (QoS), that doesn’t specifically address the security of any smart gadgets they may be using. 

To safely take advantage of the Internet of Things and all the new smart home and business gadgets coming on the market, it’s vital to understand how exactly these devices are vulnerable and what you can do to prevent yours from being hacked.

How Are IoT Devices Accessed? 

As with any endpoint, an IoT device can be accessed in multiple ways. IoT devices also have several inherent issues that tend to make them one of the riskier endpoints on a network.

Hard-Coded Passwords

Many IoT devices have passwords that are hard coded into the firmware of the device. Hackers can easily exploit these, as they’re not hard for them to find. 

Even manufacturer passwords that can be changed often aren't changed by users, or at least not before a hacker can exploit them. Some IoT devices are targeted as soon as five minutes after being connected to the internet.

Failed Encryption

As we mentioned earlier, as much as 98% of IoT traffic is unencrypted. This is often due to problems with using outdated encryption standards like the Data Encryption Standard (DES), which allows hackers to easily exploit the keys to gain access to any data traffic to and from the device.

Open Source Software

While you may trust the manufacturer of an IoT device, what you may not know is that there’s a chance some of the internal coding came from a third-party open source platform.

Open source code makes it easier for rapid development of new technologies, but it also makes it easier for hackers to figure out how to break in because they can easily get a copy of the code used for a device. 

Unauthenticated Access

Many IoT devices come with Plug and Play (PnP) and other features designed to make it easy for the device to connect to others that you may have. 

Unfortunately, this often means that access to the device isn’t properly authenticated, which leaves a door wide open for hackers to use those PnP protocols to connect to your video camera, router, or other IoT device.

Hidden Backdoors

Another way that hackers gain access to smart devices is through hidden backdoors that a manufacturer may code into the firmware of an IoT device. These are typically designed to make it easy for customer support to assist someone remotely but can also leave a door open to a hacker.

Best Practices for Keeping Your IoT Devices Secure

Following are best practices for keeping your IoT devices secure.

Update Firmware Regularly

Many hackers take advantage of known vulnerabilities in the code of an IoT device. Manufacturers work to close these vulnerabilities by issuing updates with security patches to the firmware that runs a device.

Many users don’t know to look for updates for IoT devices because they don’t always come with a prompt like the ones on a computer.

Make sure you regularly check for any firmware updates for IoT devices and apply them promptly to close any potential risk areas.

Immediately Change the Default Username/Password

One of the very first things you should do when setting up an IoT device is to change the default manufacturer username and password.

Use a strong password that is at least 10 characters long and uses a combination of letters, numbers, and symbols.

 Change the Device Name

Each device on a wireless network is identified by a name. If you name your security system, "Front Door Security Camera, 111 Elm Street," then a hacker can easily zero in on that device for a hack.

Make device names nondescript and do not include any personally identifiable information in them that hackers could use for their own purposes.

Disable PnP & Any Unneeded Features

Because PnP is one of the popular ways that hackers get into IoT devices, you’ll want to disable this feature to improve security.

It’s also a good idea to disable any features of the device that you don’t need. For example, some data may be shared with the manufacturer or a community of users without your knowledge through a sharing feature that was defaulted to "on."
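
The four practices above can be checked mechanically when a device is set up. The following Python is an added example, not part of the original article: it audits one device's settings against the checklist. The settings dictionary, the DEFAULT_CREDS and REVEALING lists, and the 90-day firmware check interval are assumptions made for illustration.

```python
import re
from datetime import date

# Assumed sample of factory logins; extend it from your vendors' manuals.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
# Assumed words that give away a device's role or location.
REVEALING = re.compile(
    r"\b(camera|door|security|street|avenue|road|office|lobby)\b", re.I)

def strong_password(pw):
    """At least 10 characters mixing letters, numbers and symbols."""
    return (len(pw) >= 10
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def audit(device, today, max_days_between_checks=90):
    """Return the list of checklist items this device fails."""
    findings = []
    if (today - device["last_firmware_check"]).days > max_days_between_checks:
        findings.append("firmware update check overdue")
    if (device["username"], device["password"]) in DEFAULT_CREDS:
        findings.append("default username/password still set")
    elif not strong_password(device["password"]):
        findings.append("password shorter or simpler than policy")
    if REVEALING.search(device["name"]):
        findings.append("device name reveals role or location")
    if device["pnp_enabled"]:
        findings.append("PnP enabled")
    # Any feature switched on that nobody listed as needed.
    for feature in sorted(device["features_on"] - device["features_needed"]):
        findings.append(f"unneeded feature enabled: {feature}")
    return findings

# Constructed sample settings, as entered at setup time (not real devices).
CAMERA = {
    "name": "Front Door Security Camera, 111 Elm Street",
    "username": "admin", "password": "admin",
    "last_firmware_check": date(2024, 1, 5), "pnp_enabled": True,
    "features_on": {"motion_alerts", "community_sharing"},
    "features_needed": {"motion_alerts"},
}
HARDENED = dict(CAMERA, name="node-7f3a", username="ops-cam",
                password="t7#Lq9!vXw2", pnp_enabled=False,
                last_firmware_check=date(2024, 5, 20),
                features_on={"motion_alerts"})

if __name__ == "__main__":
    for dev in (CAMERA, HARDENED):
        print(dev["name"], "->", audit(dev, date(2024, 6, 1)) or "OK")
```

Run the check with the credentials held in memory at setup time rather than keeping device passwords in the inventory file.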

Need an IT Security Strategy that Includes IoT Devices?  

Onsite Techs of Rhode Island can help your business with a robust IT security strategy that includes all your standard computers and hardware in addition to mobile and IoT devices.

Contact us today to set up a security consultation at 401-773-7766 or reach out online.

References linked to:

https://threatpost.com/half-iot-devices-vulnerable-severe-attacks/153609/

https://review42.com/internet-of-things-stats/

https://onsitetechsri.com/cyber-security/

https://onsitetechsri.com/2020/08/19/reasons-why-qos-is-critical-for-the-post-pandemic-office/

https://www.rcrwireless.com/20190806/internet-of-things/netscout-iot-devices-under-attack-within-minutes-of-turn-up

https://onsitetechsri.com/contact-us/

 
