IoT VULNERABILITIES The Internet of Things (IoT) is taking off at an exponential rate. By 2020, it’s estimated that there will be upwards of 21 billion IoT connected devices — and cyber attackers are already looking for ways to exploit this growing sector of technology.
INSECURE WEB INTERFACE
Many devices have built-in web servers to host the web app that manages the device, which can be exploited remotely.
With consumer devices, convenience trumps security. Configuring security settings can be difficult for users, who opt for the insecure default settings.
INSECURE NETWORK SERVICES
More features and capabilities means more code, which leads to more opportunities for attackers to exploit flaws and find security holes.
INSECURE CLOUD INTERFACE
INSECURE MOBILE INTERFACE
INSUFFICIENT SECURITY FEATURES
Many IoT devices connect to the cloud, but cloud management interfaces pose their own potential security weaknesses.
IoT devices frequently come with a mobile interface for user convenience, but another management interface means more opportunity for cyber attackers.
Many IoT devices simply do not provide advanced security features. Options for encryption, seting up a pin, or creating attack logs can provide more security insight for advanced users.
LACK OF TRANSPORT ENCRYPTION
If your device is sending private information over an insecure protocol, anyone could be reading it — and it’s not always clear what information an IoT device might be sharing.
If information on the device is not encrypted at rest, personal information can be found easily if multiple people have access to the device.
INSECURE ERASING ALL SOFTWARE/FIRMWARE PERSONAL INFORMATION
When it’s time to install security patches, users need to be sure that the patch is valid, and the installation process should be simple enough to follow for the most basic users.
LEARN MORE AT: LEARNINGTREE.CA/CYBER Sources: https://us.norton.com/internetsecurity-iot-5-predictions-for-the-future-of-iot.html http://blog.learningtree.com/10-internet-of-things-security-vulnerabilities/
As technology progresses, older IoT devices will end up being sold online. Unless there is an option to wipe data and reset the device, sensitive personal information could end up in the hands of an eBay buyer.