The future of Internet of Things (IoT) is already on us. IoT applications are used in various fields, such as healthcare, energy and industrial automation. Now we know that there are new vulnerabilities of IoT, but we still enjoy the convenience and efficiency that it gives us.
We are seeing significant growth in quality of applications and IoT devices, but cyberattacks are also improving. Since IoT devices have been used in industry, military and other key areas, hackers can also compromise public and national security.
Nevertheless, the majority of businesses and individuals are not sufficiently aware of privacy and security. People are usually too optimistic about how their data is used. Some service providers retain IoT user data for a long time and even transfer this data to other companies without the user's consent, which may increase the risk of confidential information leakage.
As customers usually do not care about security issues, manufacturers tend to focus on product development. Most manufacturers believe that providing security measures will lead to a rise in the cost of the product. Therefore, companies continue to produce new IoT devices with a non-secure default configuration. These devices not only have many known vulnerabilities, but also are simply developed with a flaw in their design.
Companies rarely care about the safety of customers and the subsequent exploitation of their equipment. Instructions for devices are usually as simple as possible and do not give any advice about cybersecurity. The client simply cannot know what kind of confidential information will be assembled, and how to use the device safely. Manufacturers do not take the initiative to help customers install patches or upgrade the firmware and do not inform consumers about new vulnerabilities. Thus, it is much easier for attackers to exploit the vulnerabilities of IoT devices, and this can be done for a longer time, compared to traditional vulnerabilities in computers.
Due to limited consumption and resources (such as cost and actual physical parameters), IoT devices usually do not run full-featured security mechanisms - some of them should be initially designed as light and small (for example, implantable medical devices). Thus, they tend to keep easy to use vulnerabilities, such as "default passwords", for long periods. Because of the limited resource, many IoT devices even interact with the server without encryption or use SSL encryption without checking the server certificate.
As the number of IoT devices increases, the interaction between them becomes more complex and requires less human involvement. IoT-devices can now be controlled by other devices or corresponding devices, or by appropriate software (if-then type), which is popular in various user scenarios. In this case, even if the target device cannot be hacked, intruders can easily change the settings of the connected devices, which is also dangerous for the user.
Most IoT devices do not have their own protection system and lack security-testing software. Smart meters, security cameras, implantable devices, industrial, agricultural and military sensors usually have to function properly without direct access for a long time. It is difficult to connect an external interface to such devices to check the status, so it is difficult to detect the moment when these devices are attacked or combined into botnets.
Many IoT devices, such as wearable devices and smart cars use Internet connections very actively. Such devices often switch from one network to another and communicate with many new unknown devices. Because mobile IoT devices are more likely to join a large number of networks, hackers like to distribute malicious code through mobile IoT devices - to accelerate its distribution.
We should admit that different smart devices became vital for us nowadays. The scope of possible IoT vulnerabilities is significantly big, and even ‘simple’ virus can interrupt a chemical plant, work of smart city or make the car run off the road. There’s plenty of possibilities for good cybersecurity projects in IoT!