IoT devices pose security risks, user must take responsibility for security.
The Internet of Things (IoT) is a broad term that covers any device other than a computer that can connect to the internet. This includes everything from Fitbits to refrigerators. IoT devices have the potential to make our lives easier and more efficient, but they also open up opportunities for cybercriminals to exploit them.
The first IoT device was created in the early 1980s at Carnegie Mellon University. A computer science professor and his students created a program that would report the contents of a vending machine, so they would know if the soda was cold or not. As of 2022, there are an estimated 13.14 billion IoT devices connected to the internet, and that number is projected to reach 29.42 billion by 2030.
Unfortunately, as the number of IoT devices has grown, so has the number of cybercriminals using them as an attack vector. Many IoT devices are easy to install, and manufacturers often fail to provide adequate security measures, such as regular updates or changing default passwords. This has led to data breaches, botnets and Distributed Denial-of-Service (DDoS) attacks.
The Mirai malware was created in 2016 to scan the internet for IoT devices that use the ARC processor and then use a brute-force attack with a database of common factory default credentials. This malware was used to take down DNS provider DYN and caused outages for Amazon, Github, HBO, Netflix, and Reddit. In 2021, the REST API exploit in Western Digital’s My Book Live caused users’ storage partitions to be wiped, and the administrator credentials for Verkada’s security cameras were found publicly online, allowing unauthorized access to Tesla’s warehouses and other companies.
Given the wide scope of these breaches, it is important for end users to take security measures into their own hands. IoT devices should be regularly updated, and users should not use default passwords. It is also important to be aware of the potential risks of having these devices connected to the internet.