New IoT solutions build a new reality, fundamentally shifting from traditional approaches to automated and smart ones. Despite their valuable contribution to society, security experts frequently highlight flaws in such mechanisms. Even though IoT devices bring convenience and connectivity, they also create new attack routes for hackers or intrusive parties.
The Scope of IoT
The use of IoT in almost every industry is remarkable. In our domestic life, we opt for smart doorbells, smartwatches, home-security systems, etc. All of these additions create a more convenient and safer environment. Beyond the home, we also see innovation in the form of bike and scooter rental stations, internet-connected visitor kiosks, and so much more.
IoT is also incredible in the way researchers and companies monitor pollution levels and gather accurate data to monitor the environment overall. So, IoT is not limited to any industry, and it will probably continue to improve other spheres as well. Such an overwhelming application of IoT demands security, especially with the abundance of flaws that surface to the public eye.
Intro to IoT Stability and Flaws
Every new attack affecting IoT devices is a rude reminder of the risks that third-party bugs pose to devices connected to the internet. The recent Ripple20 vulnerabilities revealed how fragile cybersecurity protections were when millions of IoT devices across the globe were affected. The report included warnings that the flaws could allow hackers to steal data from printers or disrupt industrial control devices’ behavior.
According to an estimate, over 31 billion IoT devices perform a wide range of critical tasks, including operating life-saving medical tools, transforming vital business processes, and facilitating smart transportation. Surprisingly, the majority of these devices are susceptible to hacking attacks. A big reason behind these vulnerabilities is OEMs’ over-reliance on third-party vendors that deliver code containing multiple entry points that hackers can easily exploit. A glaring example of such a third party is the Ohio software company whose code caused the Ripple20 vulnerabilities.
A recent study by the Ponemon Institute revealed that 6 out of 10 companies never monitor the cyber risks posed by third-party IoT devices. Now, this leaves thousands of IoT device manufacturers at the mercy of hackers while exposing them to substantial financial losses as well as reputational damage. Thus, it’s only the original equipment manufacturers that can safeguard the IoT devices against these vulnerabilities, especially because end-users often don’t possess adequate security tools to protect their devices.
Innovations drive the rapidly changing IoT landscape; however, it is challenged by new vulnerabilities. Now, there’s no single remedy, and manufacturers have to assume accountability while securing every device. Manufacturers can guarantee IoT innovations' security and prevent attacks on these connected devices.
What are the Risks of Inadequate IoT Security?
Inadequate cybersecurity affects almost every one of us, and the Ripple20 case has reinforced previous findings. A total of 19 bugs were found in the code sold by Treck. This code is in almost all the devices used by people, including homemakers, students, shopkeepers, and even Fortune 500 organizations. Industries affected by these vulnerabilities included energy, retail, transportation, and more.
Even the Zephyr Real-Time Operating System (RTOS) that powers a wide range of IoT devices has been flagged for 26 vulnerabilities. Some major companies support these IoT devices, including big names like Intel, Texas Instruments, and Nordic. Vulnerabilities such as SweynTooth, which includes twelve third-party security risks, have affected IoT medical devices. Thus, cybersecurity risks have extended beyond general property or reputation to life-saving devices. Hackers can now steal critical medical data and even go to the extent of stopping devices like heart monitors.
New Challenges for OEMs
Policymakers across different verticals are aware of these revelations of IoT bugs, which is a good sign. Responsibility for securing IoT devices has shifted onto the shoulders of device manufacturers, and regulatory measures are holding them responsible.
A new California law took effect in January 2020, under which IoT OEMs are required to equip every device with cybersecurity tools or features that offer device-specific protection, for instance, securing the information the device transmits or collects. These cybersecurity tools must safeguard devices against unauthorized manipulation or access. California is the second state after Oregon to enforce IoT-specific cybersecurity laws.
Even the UK Department for Digital, Culture, Media, and Sport has introduced similar regulations, which ensure that there’s a point of contact for the public for reporting and responding to vulnerabilities. Under these regulations, OEMs must state the minimum duration of the device’s security updates.
It’s expected that governments all over the world will join the regulatory efforts while pressuring the OEMs to act swiftly to protect the devices. Securing critical personal and financial information is extremely important, and IoT devices should never be marketed without proper security tools installed on the device.
Virtual Private Networks as a Step Towards Security
A VPN (Virtual Private Network) is a reliable option to guarantee integrity and privacy when using internet-connected devices. When you go online, your communication with the internet is not secured, and, in many cases, snooping parties can intercept it relatively easily. A VPN and IoT go hand in hand to provide more private access to the internet. The VPN reroutes your traffic through its servers and encrypts it with high-end protocols. In addition to concealing your activity, a VPN prevents IP-based tracking.
Original equipment manufacturers must take every possible step to ensure that their customers’ critical data is secured, and that lives and livelihoods remain unaffected even if the IoT devices are hacked. Innovations are throwing up new challenges to original equipment manufacturers, and there’s every possibility that they might shrug off their responsibilities while compromising security for profits.
Thus, governments across the globe must step up their efforts to ensure the safety of critical data, including medical data, of IoT device users. Many IoT devices receive a tremendous amount of information about their users. It could extend to our sleeping or eating habits, routines, health, and other private affairs. Hence, it is vital that companies innovate not only in their products’ features and capacities. Security that goes beyond elementary implementations is a must. As a consumer, you have a unique task as well. The products could be improved with additional software or settings configuration.