Internet of Things (IoT) Security Issues

In the past, I discussed how the Internet of Things (IoT) could eventually cause a wealth of problems on the Internet, including security breaches, in a number of my books and articles. Some of my strongest warnings came in Build Your Own PC on a Budget and Security for Web Developers, but I included warnings in other places as well. Unfortunately, the worst case scenario has occurred according to the ComputerWorld article, Armies of hacked IoT devices launch unprecedented DDoS attacks. Yes, your DVR or smart television might have turned into a zombie at this point and now works for someone else committing crimes. All it takes is a little negligence on your part and your device will take a walk on the dark side.

The article is worthwhile reading because the statistics sound like something out of a bad science fiction novel. If anything, my warnings were too tame and I should have used my imagination a bit more in exploring just how bad things could get. Yet, I’ve received e-mail from readers who found the warnings I did provide barely believable. It didn’t seem possible that something as simple as the router installed to provide broadband support for your digital telephone could possibly cause any sort of problem. After all, your old telephone system never went on the attack. The thing is, any device that connects to the Internet today probably has enough intelligence to do harm, especially the IoT devices that everyone assumes just work.

IoT devices are actually some of the best targets for hackers. The users who have them barely know how they work, have no clue that they should change the password, and wouldn’t care even if they could figure it out. After all, the goal is to see Sunday afternoon football, not to configure security for a device. Vendors share in the blame because anyone with even a modicum of common sense would know that users have no desire whatsoever to change device passwords. IoT devices should go out with a unique password printed in a place that the user can easily find on the device, should it ever become necessary to access the device (and it might not ever become necessary). If hackers faced a unique default password for every device, the IoT devices would likely remain relatively secure unless hackers could somehow figure a pattern out in the password assignments. Ensuring the unique password is printed on the device means the user won’t lose it.

It’s not as if changing IoT device passwords is easy anyway, so hackers have every reason to believe that the default password is still in place for the majority of these devices. A recent device purchase pointed out to me that some IoT devices view even password changes as unwelcome user fiddling—it took nearly 20 minutes of reading to discover how to change the password using an arcane set of remote control clicks. Until this situation changes, you must expect that hackers will continue to use IoT devices to perform various kinds of attacks and that device owners will continue to remain oblivious about their cherished device’s life of crime. Let me know your thoughts on IoT security at John@JohnMuellerBooks.com.

 

Author: John

John Mueller is a freelance author and technical editor. He has writing in his blood, having produced 99 books and over 600 articles to date. The topics range from networking to artificial intelligence and from database management to heads-down programming. Some of his current books include a Web security book, discussions of how to manage big data using data science, a Windows command -line reference, and a book that shows how to build your own custom PC. His technical editing skills have helped over more than 67 authors refine the content of their manuscripts. John has provided technical editing services to both Data Based Advisor and Coast Compute magazines. He has also contributed articles to magazines such as Software Quality Connection, DevSource, InformIT, SQL Server Professional, Visual C++ Developer, Hard Core Visual Basic, asp.netPRO, Software Test and Performance, and Visual Basic Developer. Be sure to read John’s blog at http://blog.johnmuellerbooks.com/.

When John isn’t working at the computer, you can find him outside in the garden, cutting wood, or generally enjoying nature. John also likes making wine and knitting. When not occupied with anything else, he makes glycerin soap and candles, which comes in handy for gift baskets. You can reach John on the Internet at John@JohnMuellerBooks.com. John is also setting up a website at http://www.johnmuellerbooks.com/. Feel free to take a look and make suggestions on how he can improve it.