IoT is ever growing network of physical objects that possess an IP address, for internet connectivity and the communication occurs between these objects and other Internet-enabled devices and systems.
Devices are embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices over a network.
The Internet of Things provides a way to use collected data from sensor devices and various cloud solutions to gather, analyze, and act on data. IoT aims at connecting all potential objects which interact each other on the internet to provide comfort life for human.
Like everything has both good and bad side, so does IoT. It is becoming an increasingly attractive target for cybercriminals. More bridged devices mean more attack vectors and more possibilities for hackers to target. Furthermore, the problem is rising from the thinking of developers and the users, who are more focused on functionality and are taking security lightly.
With the emergence of IPv6 and the wide deployment of WiFi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion.
As the idea of connecting things over networks, the working of networking appliances and other objects is relatively new, security is usually not being considered in product design. IoT products are often sold with old and unpatched embedded operating systems and software. Moreover, purchasers often fail to change the default passwords on smart devices or if they do change them, fail to select a sufficiently strong password. Manufacturers majorly focus on performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why they are routinely being hacked and widely becoming part of DDoS botnets used as weapons in cyber-attacks.
Recently the world is witnessing botnet attacks which are the result of this negligence. Attackers are using IoT devices to take down the whole Internet of a country and partially succeeded, by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware. The malware is programmed to hijack connected IoT devices that are using the default usernames and passwords set by the factory before devices are first shipped to customers.
Cybercriminal has publicly released the source code of Mirai which is an IoT malware designed to scan for insecure IoT devices and enslaves them into a botnet network, which is then used to launch DDoS attacks.
For the success of Internet-enabled applications and devices, it is important for the organizations to make a strong, reliable and secure platform. It is very important for the organizations to take security into consideration while introducing new smart devices.
Authored By - Shefali Singh
TCS Enterprise Security and Risk Management
Rate this article: