How Operators can help to defend the connected home

By Tom Gaffney, Security Consultant at F-Secure
The internet of things (IoT) is a seemingly ever-expanding market, with IDC predicting that it will grow to 41.6 billion connected devices by 2025, carrying more than 79 zettabytes of data. Connected devices have become a mainstay in industries including manufacturing and healthcare, and much of this growth is also driven by consumers purchasing connected devices ranging from smart speakers and TVs to thermostats and kitchen appliances.

There is clearly a lucrative opportunity for vendors. However, these devices need to be robustly secured by manufacturers and service providers; otherwise they could leave the back door open for cybercriminals to enter the connected home.

IoT threats on the rise

The number of IoT threats observed by F-Secure Labs doubled in 2018, with most using predictable, known techniques to compromise devices. Nearly nine out of 10 observed threats (87 percent) targeted weak or default credentials and/or unpatched vulnerabilities.

Indeed, the FBI has said that threat actors are compromising IoT devices “with weak authentication, unpatched firmware or other software vulnerabilities, or employ[ing] brute force attacks on devices with default usernames and passwords”. 

While these vulnerabilities would allow a threat actor to hijack a device, clearly threat actors are not breaking into the connected home with the aim of controlling the central heating. Instead, IoT devices are generally used as the gateway for further attacks. 

Many of the new threats observed relate to threat actors using the computing power of connected devices to mine cryptocurrency. There is also the risk that, as smart homes are ecosystems of interconnected devices, one connected gadget with weak security could enable a threat actor to compromise the entire network. This could have implications for the privacy of those living in the connected home, with cybercriminals potentially able to find out almost anything about a family’s home life, for example determining when the home is unoccupied and vulnerable to burglary. Attackers may also use IoT devices as a stepping-stone to data on laptops and mobile devices. Such interconnectivity also means that one infected device could greatly reduce the efficiency of others.

These obvious security risks are creating a sense of urgency around the need for a comprehensive cyber security solution to defend the connected home.

Opportunities for securing the connected home 

Aside from the likes of Google, Amazon and other experienced tech giants, many vendors of IoT devices have little or no prior experience in creating them, meaning that they often overlook security. Until recently, a lack of regulations has meant that manufacturers were not held to account for poor security. Fortunately, lawmakers are catching up, with California having introduced legislation to force manufacturers to install security from 2020 and the UK now considering similar measures.

Manufacturers, however, should not simply build in security because they are compelled to by law. Instead, they should be providing greater security in their devices as a selling point. Privacy concerns have come to the forefront for consumers following scandals such as Cambridge Analytica, and they are showing an appetite for tech that protects their personal data.

Manufacturers can begin to produce devices that are able to withstand cyber attacks by following codes of practice such as the UK’s Secure by Design. This contains 13 practical guidelines to help manufacturers protect the privacy and safety of consumers, while making it easier for them to securely use their products.

There is also a significant opportunity for ISPs to provide security to protect all devices within the connected home. By providing a comprehensive set of security solutions such as secure routers, parental controls and apps, ISPs can help protect a network, regardless of the security measures on individual devices. This is likely to be a key selling point for security-conscious consumers.

Consumers want to be safe when they use connected devices, but they do not want to have to do anything overly complicated to do this. By offering easily secured devices and straightforward solutions, vendors have the opportunity to secure the trust of consumers and protect their reputations, both of which will stand them in good stead as the connected home market continues to grow.
