The Insecurity of Things
The Internet of Things (IoT) is set to achieve even greater market penetration in 2017, moving us one step closer to the predicted figure of 28 billion devices by 2020. From a consumer-oriented perspective this is good news, but it’s also making waves as the security community struggles to regulate and secure a myriad of increasingly ’connected’ devices.
The convenience offered by IoT technology comes at a price. Devices like routers, webcams and DVRs are often designed with connectivity rather than security in mind. Sold with credentials that won’t (or can’t) be changed, they’re easy targets for hackers. The result? Vast botnets of captive machines, bought, sold and leveraged for some of the largest DDoS attacks ever recorded.
We know that technology tends to outpace security, and the IoT is no different. Where does this leave us, going into 2017? Proactive monitoring – the kind provided by Silobreaker’s OSINT – is one way to guard against emerging threats. But the biggest burden falls on manufacturers and end-users. Firstly, IoT technology must become more secure; hard-coded credentials won’t cut it anymore. Secondly, end-users must take ownership of their devices and learn to manage the associated privacy and security risks. Ultimately, we must also have a conversation about the data these devices collect, and how it is used.