IoT devices: cybercrime easy target

Internet-connected devices, known as ‘Internet of Things’ (IoT) devices are known as some of the most vulnerable to hackers’ attacks both because of the valuable information they collect and the weak security measures they usually have installed. In fact, 1.5 billion attacks have occurred against IoT devices in the first six months of 2021. A research paper from NordVPN shows that 25% of users do nothing to protect their IoT devices.

The study shows that four out of five Australian IoT users have been recently hacked. For example, in January 2019, a West Australian mother noticed a major security breach of her device when she saw a stranger’s bedroom on the screen of her baby monitor.

A significant IoT attack targeted a company in San Mateo, California in March 2021. A group of hackers gained access to 150,000 of the company’s smart security cameras installed inside hospitals, companies, police departments, prisons and schools. As a result, criminals were able to see videos from women’s health clinics, psychiatric hospitals and other business offices.

IoT devices, by their very nature, collect and send information from one smart device to another. This ranges from increasing a smart lamp’s brightness via a smartphone to controlling a smart camera angle through a PC from another part of the world. Because of the way IoT devices work, attackers only need to identify a single weak point to gain access to all the other individual devices on the network.

While the brightness of a smart lamp might not seem like very sacred information, by hacking the lamp hackers can get access to a baby monitor, for example. In the notorious ‘fish tank’ case, criminals hacked into a poorly protected IoT device and got into the whole network. During that attack, hackers stole 10 GB of data from a casino in North America.

Like computers, Internet of Things devices run on software, but they don’t have the same strong antivirus and firewall systems installed. Once the device gets infected, all the browsing history, passwords and other private data become accessible to hackers. And they won’t miss the opportunity to use this information in ransomware attacks, identity theft, or to sell it on the dark web.

In September 2020 the Australian Government released a code of practice for IoT manufacturers, but there are some other things that users can do themselves to stay protected. Look into the privacy issues associated with the devices you purchase. Review tech sites that dig into privacy and security issues.

As soon as an IoT device is set up, change the default login and password and ensure a different password is used for every account. Use a secure password manager, like NordPass, if passwords are forgotten easily.

Once a month, go over all devices and check to see if there are any updates, or set to update manually. Updates often include patches for known bugs and security loopholes.

Speakers and microphones are not always necessary, but they are useful in a criminal’s hands. The same goes for the Wi-Fi connection in a refrigerator and similar products.

An installed virtual private network on a Wi-Fi router will protect an entire network with encryption, protecting every device connected to the router.