How to secure the Internet of Things (IoT)?

June 17, 2024

Bram Willems

An increasing number of households and businesses are harnessing the power of the Internet of Things (IoT), from monitoring systems in warehouses and smart houses to robot arms in manufacturing plants. But how secure are these systems, and are hackers able to access your home or business through the back alleys of the Internet of Things?

 

What is the Internet of Things?

Firstly, let’s find out what the fuss is all about! The Internet of Things (IoT) is a network of physical devices that communicate their data through the internet. A thermometer telling a farmer if their greenhouse is at the correct temperature, a camera streaming a video feed to a security agent, or a digital doorbell sending a message when someone rings at your door are all connected through the internet.

 

Admin admin on the wall…

All these small devices can cause big problems when a hacker finds them. But how does a hacker get access to these devices? The biggest problem with IoT is that there are so many “Things”, and they all need good protection, because one backdoor can give access to the entire network.

 

Default password

According to OWASP, the method of access most often left open is an unmodified default password. Many manufacturers set an easy-to-remember username and password to make installation straightforward. However, if these settings are not changed after installation, any hacker can access the device just as easily.

 

Security updates

Another problem with many IoT networks is entrances that had good locks in the past but whose locks start to rust through after a while. A lack of security updates on the devices can make them vulnerable to recently discovered attacks. Having a good update mechanism in place can replace old and rusted locks with new ones without headaches.

 

Insecure ecosystem interfaces

Even with a super secure password and shiny new locks on all the backdoors, the environment is not secure if the front door is left open 24/7. OWASP’s top 10 list also mentions insecure ecosystem interfaces such as back-end and front-end APIs and user interfaces.

Who is the fairest of them all?

The best demonstration of how easily an IoT device can be exploited is the number of security cameras around the world that are exposed on the internet with their default username and password. With a quick Google search, you can find plenty of websites hosting these cameras for the world to see. You might be broadcasting your living room, baby monitor or smart doorbell footage without knowing it.

While this example is the most visually shocking, hackers can harvest other data as well. It is therefore important to sufficiently secure all IoT devices on your network.

 

What to do about it?

The best place to start with securing your IoT network is when installing the devices. Start by changing the default username and password. This way you have already covered the most common attack hackers use to access devices on the Internet of Things.

Secondly, it is a good idea to close open ports for services that you won’t use. Many devices support a whole array of different bits and baubles. For every feature you don’t use, there might be an open network port ready to receive a hacker’s attention.

After doing this, a strong update policy for all your Internet of Things devices is important to keep the defenses kicking. Hackers often prey on outdated software.
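The three installation steps above (change the default login, close unused ports, keep firmware current) can be turned into a small audit for devices you own. This is an added example, not code from the original article; the `Device` fields, the port shortlist and the sample camera are assumptions constructed for illustration.

```python
import socket
from dataclasses import dataclass

# Ports often exposed by IoT devices (constructed shortlist, extend for your own kit).
COMMON_PORTS = (21, 22, 23, 80, 443, 554, 1883, 8080)

@dataclass
class Device:
    name: str
    host: str
    default_password_changed: bool
    needed_ports: frozenset   # services you actually use
    firmware: str             # installed version, e.g. "1.4.2"
    latest_firmware: str      # newest version published by the vendor

def version_tuple(version):
    """'1.4.10' -> (1, 4, 10) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def open_ports(host, ports=COMMON_PORTS, timeout=0.5):
    """Return the ports on `host` that accept a TCP connection."""
    found = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.add(port)
    return found

def audit(device, listening=None):
    """Check one device against the three steps; returns a list of findings."""
    if listening is None:
        listening = open_ports(device.host)
    findings = []
    if not device.default_password_changed:
        findings.append("default username/password still in place")
    for port in sorted(listening - device.needed_ports):
        findings.append(f"port {port} open but not needed")
    if version_tuple(device.firmware) < version_tuple(device.latest_firmware):
        findings.append(f"firmware {device.firmware} behind {device.latest_firmware}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a camera with a leftover telnet port and old firmware.
    cam = Device("hall-camera", "192.0.2.10", True, frozenset({443, 554}), "1.4.2", "1.4.10")
    for finding in audit(cam, listening={23, 443, 554}):
        print(f"{cam.name}: {finding}")
```

Leave out the `listening` argument to have `audit` probe the device itself; an empty result means none of the three checks found a problem.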

 

Pentesting

Once you think your network is all closed up with shiny new locks and fancy alarm systems, it’s a good idea to hire a professional penetration tester to make sure you did not miss any cracks along the way. This tester will act like a huntsman, following every track that could lead to a compromise of your network. Afterwards, they report back with possible vulnerabilities so you can patch them.
