We've already talked about the spread of connected devices for the Internet of Things, which, in 2020, should exceed more than 20 million machines. In a closely connected world where data exchange is key, it seems like a good idea to ask a few questions about security.
IoT and security
Have you heard about Mirai, the malware that converts electronic devices, such as web cameras and routers connected to the Internet, into a remote-controlled bot? The goal of this bot is to carry out DDoS (Distributed Denial of Service) cyber-attacks to knock out services. Last October, Mirai malware affected a lot of users on the East Coast of the US, keeping them from accessing services like Twitter, Netflix and Spotify.
Roberts Stephens, a veteran in the field of technology, connected a Wi-Fi security camera to his network and waited for an attack. It took only 98 seconds for the first malware to show up, a Trojan linked to Mirai. The camera he used was a low-end device and most likely, higher-end devices would offer better protection. But that's not the point.
14/x: so after it loads the first stage Mirai, it then connects out to download the full virus, like from here:— Robert Graham (@ErrataRob) November 18, 2016
Those that we've mentioned (you'll find more in this article) are just a few small examples that should make us think about the possible consequences of these types of attacks; attacks, that with the spread of the Internet of Things, will only increase.
What can we do to avoid them?
Unfortunately, at this time, there isn't any ad hoc legislation. It would require a system of rules that is capable of monitoring the distribution of commercially available IoT devices, as much from the user's point of view as from the producers themselves. As always, however, it'll take a bit of time for rules to be created with any detail.
In the meantime, there are several things that we can, and should do, to securely head out into the world of IoT that already surrounds us. Here are some basic, easy to follow rules to keep in mind:
- Buy trusted brands
- Use passwords that are difficult to guess
- Change default usernames/passwords
- Change passwords regularly
- Keep software on your devices updated
More than ever, we leave the doors to our house open. We need to avoid doing it with the IoT devices we normally use, since, otherwise, someone could steal something very valuable.
There's also one more thing that we should do: inform and be informed. We, the journalists, have the duty to educate the user, you guys, about this topic. Security, I know, seems like a boring issue which is someone else's problem and not ours. However, unfortunately, that's not the way it is. The risk is out there and ignoring it won't help solve it.
It's important to be closely aware of the problem, understand the solutions that brands and governments are implementing, and make them known. We took advantage of the MWC to ask a few of the experts in the matter some questions: We asked Filip Chitry, of Avast Software, and Brian Yee, a Symantec spokesman, the same questions:
- What is the biggest risk related to the Internet of Things?
- Could you give us a practical example of the risks that users may have to face?
- What should governments do in order to guarantee the security of commercially available IoT devices?
- What would you say to users interested in IoT, who are worried about the possible security and privacy problems?
Take a look at our video interviews and let us know what you think. Do you already think about the security of your connected devices and take actions to secure them? Or has this been your wake up call? Let us know your feelings and thoughts on this topic in the comments below.