As manufacturers increasingly scrap “dumb” devices in favor of smart Internet-connected versions, smart homes are growing around their owners, enveloping the humans that own them without them being aware of it. The once romanticized notions of the smart house, often portrayed on TV as a cheery aide to a seamless life, have given way to privacy invasions, data breaches, and ruthless ransomware attacks targeting network-attached storage. If improperly configured, or shipped with vulnerabilities and security hazards that were overlooked during quality assurance, these devices can spell catastrophes for privacy and data integrity. They can even jeopardize the integrity of the Internet itself.
2023 IoT Security Landscape Report: Key Findings
A recently released report “2023 IoT Security Landscape Report” brings into sharp focus the immense security concerns involving IoT devices. Based on threat intelligence sampled by 2.6 million smart homes around the world, the NETGEAR Study investigated nearly 120 million IoT devices. The study revealed that IoT devices are generating a whopping 3.6 billion security events around the world every day. This translates into 20 connected devices per household, with 8 cyber attacks occurring every 24 hrs.The report, no doubt, makes shocking revelations about the vulnerabilities of Smart Homes. To get a clear understanding of these Smart Homes, let’s take look at the most popular devices and the top vulnerabilities affecting them:
- SMARTPHONES– Almost 41% of the devices connected to home routers are smartphones. This number includes guest devices that can be temporarily associated with the network.
- COMPUTERS– Computers and laptops are the most common devices found in connected homes. While they have lost to mobile devices in popularity, they still witness steady growth worldwide.
- STREAMING DEVICES– Streaming devices are popular means of turning a “dumb” TV into an Internet-connected device.
- TABLET– Tablets have gained significant traction during the COVID-19 outbreak as schools have started issuing tablets for online education.
- CONSOLE– Game consoles also double as entertainment centers. They come with dedicated hardware and software for playing games and typically connect to a TV or monitor to display the game.
Common Vulnerabilities of IoT Devices
Going by the security incidents of 2022, most attacks spotted last year rely on already known common vulnerabilities and exposures (CVEs) included in automated attack toolkits. Although these common vulnerabilities are known to both IoT vendors and attackers, firmware vendors may take significant time to assess, patch, and deliver fixes for the devices already deployed in smart homes. This potentially provides cybercriminals a window of opportunity. Blocking these attacks, calls for layered technologies to stop them cold before they reach the vulnerable IoT device in your network.
The exploitation of IoT devices targets different outcomes, depending on device type and purpose, connectivity options, and monetization opportunities. Vulnerability outcomes range from undermining the systems’ capacity to perform expected functions to executing code on the device and hijacking its functions.
IoT RISKS TO CONSIDER
- CYBERSECURITY RISKS: Smart homes are vulnerable to cyber-attacks, as many IoT devices have weak security measures. This can allow hackers to gain access to personal information, such as passwords and financial data, and even take control of smart devices.
- PRIVACY CONCERNS: Many smart devices are equipped with cameras, microphones, and other sensors that can collect data about users without their knowledge or consent. This can result in a violation of privacy, which is of particular concern for in-house deployment.
- PHYSICAL SAFETY RISKS:Smart plugs, door locks, and cameras are becoming increasingly popular. These devices control physical security aspects such as lighting, access control, and surveillance. Any disruption in operation or loss of control can impact physical security.
- Privacy concerns will demand change -IoT devices thrive on big data. An FTC study in 2015 estimated that “fewer than 10,000 households can “generate 150 million discrete data points a day” or approximately, one data point every six seconds for each household. Today, things are even worse. The 2022 Connectivity and Mobile Trends Survey by Deloitte outlines that one in two IoT users expressed concerns over the security vulnerabilities in smart home devices that might expose the troves of collected information, while 40% of respondents fear that they might be spied on.
- Botnets will continue to grow -IoT devices will increasingly become targets for botnets, which can launch large-scale distributed denial-of-service (DDoS) attacks. Cybercriminals will continue to invest significant efforts in exploitation and persistence mechanisms to help them grow their infected device base.
- IoT security will get worse before it gets better– Vendors’ slow reaction to vulnerability disclosure and patching will persist into 2023. Although new regulations – such as the EU Cyber Resilience Act -are anticipated to provide some relief by imposing mandatory cyber-security standards for products sold within the bloc, their enforcement is not expected until at least 2025.
TOP SIX BEST PRACTICES TO SECURE YOUR IOT DEVICES
- Both home users and employees should be aware of active IoT devices in their networks and keep them up to date. If some devices are past their life, replace them immediately with newer models.
- Move all smart devices to a dedicated guest network to isolate them from the main network
- Patch devices as soon as a new firmware version becomes available.
- Use routers or gateways with built-in security.
- Probe the home network for vulnerable devices with a smart home scanner
- Avoid exposing LAN devices to the Internet unless necessary