A new study created by Andrew Hay of OpenDNS found that the IoT creates 7 major security gaps, enabling hackers easy access into your home network, and larger confidential networks, too, such as the financial and health care industries. Hay calls it the Shadow IoT. (via OpenDNS)
The Internet of Things is gaining widespread popularity, with a promise of ease of use through smart home automation. But, is it safe? That’s what OpenDNS Head Researchers Andrew Hay set to find out last year. Hay warns that emerging IoT infrastructure leaves behind basic capabilities, like security, making your information, and your network, easily accessible to hackers everywhere.
Hay began researching potential security gaps in the IoT in April 2014. The IoT sector is exploding, as companies promise consumers household appliances that make your coffee, refill your icebox and manage your lighting, all from your smartphone. While the lure of home automation is enticing, Hay wanted to know if consumer security would be threatened by connecting millions of devices to the internet.
OpenDNS processes roughly 2% of the world’s DNS requests. This put the company, and Hay, at a unique advantage to watch exactly how IoT traffic functioned in real-time. Hay targeted top IoT devices, like FitBit exercise trackers, and determined the communication patterns of these devices, when they communicate and where the information goes. The results were unnerving.
Hay found seven key security breaches in IoT devices. Even some of the most well-regulated industry networks, including government, health care, energy, financial services and retail, are frequently penetrated by IoT devices. These devices provide a new avenue through which hackers can compromise networks, which are both out of the control of the user and the IT manager. These vulnerabilities may also provide easy access for hackers to enter IoT hosting sites, such as FREAK and Heartbleed.
With this, some IoT manufacturers knowingly placed IoT infrastructure at high-risk cyber addresses. Many popular IoT devices, such as FitBit, Samsung Smart TV and Western Digital My Cloud continuously beacon information to distant (and sometimes insecure) servers, whether or not they are in use, allowing easy access point for malicious hackers. Lastly, nearly one quarter of all 500 IT and security professionals have no way of preventing outsiders from connecting to their IoT network.
Hay said his research wasn’t conducted with the intent of scaring the public into abandoning the IoT, but instead, to address very real network insecurity the new technology creates. Although Hay’s report has been publicized and is available for free online, few seem to be taking the threat seriously. The IoT industry is growing, but security measures to protect confidential networks and consumer information are not.
If nothing is done about the network insecurities of the IoT, it means malicious hackers will have an easy way into confidential networks, including health care, financial services and retail. With this, cyber bullies can also access your personal IoT devices, including IoT home security systems, and monitor your activity. Still, consumers and developers alike are brushing off these threats, or so it seems, since nothing is being done to correct the issue.
Our advice to you: wait to automate your home until the IoT has better security infrastructure. While it’s probably inconsequential if a malicious hacker knows your daily calorie output from your FitBit, knowing your sleep schedule or being able to hack into your network through the device puts you at risk of having your personal information or home security compromised. Our advice is not to take the risk, and to demand IoT manufacturers make your security a priority. Consumers have all of the power. If we demand better security, together, we can see the future of IoT become both a consumer friendly, and safe, world.
C
See more news at: