How Operators can help to defend the connected home

By Tom Gaffney, Security Consultant at F-Secure
The internet of things (IoT) is a seemingly ever-expanding market, with IDC predicting that it will grow to 41.6 billion connected devices by 2025, carr...

The internet of things (IoT) is a seemingly ever-expanding market, with IDC predicting that it will grow to 41.6 billion connected devices by 2025, carrying more than 79 zettabytes of data. Connected devices have become a mainstay in industries including manufacturing and healthcare, and much of this growth is also driven by consumers purchasing connected devices such as smart speakers and TVs, to thermostats and kitchen appliances. 

There is clearly a lucrative opportunity for vendors, however, these devices need to be robustly secured by manufacturers and service providers, otherwise they could leave the back door open for cybercriminals to enter the connected home. 

IoT threats on the rise

The number of IoT threats observed by F-Secure Labs doubled in 2018, with most using predictable, known techniques to compromise devices. Nearly nine out of 10 observed threats (87 percent) targeted weak or default credentials and/or unpatched vulnerabilities.

Indeed, the FBI has said that threat actors are compromising IoT devices “with weak authentication, unpatched firmware or other software vulnerabilities, or employ[ing] brute force attacks on devices with default usernames and passwords”. 

While these vulnerabilities would allow a threat actor to hijack a device, clearly threat actors are not breaking into the connected home with the aim of controlling the central heating. Instead, IoT devices are generally used as the gateway for further attacks. 

Many of the new threats observed relate to threat actors using the computing power of connected devices to mine cryptocurrency. There is also the risk that, as smart homes are ecosystems of interconnected devices, one connected gadget with weak security could enable a threat actor to compromise the entire network. This could have implications for the privacy of those living in the connected home, with cybercriminals potentially able to find out almost anything about a family’s homelife – for example determining when the home is unoccupied and vulnerable to burglary. Attackers may also use IoT devices as a stepping-stone to data on laptops and mobile devices. Such interconnectivity also means that one infected device could also greatly reduce the efficiency of others. 

These obvious security risks are creating a sense of urgency that a comprehensive cyber security solution is required to defend the connected home. 


Opportunities for securing the connected home 

Aside from the likes of Google, Amazon and other experienced tech giants, many vendors of IoT devices have little or no prior experience in creating them, meaning that they often overlook security. Until recently a lack of regulations has meant that manufacturers were not held to account for poor security. Fortunately, law makers are catching up, with California having introduced legislation to force manufacturers to install security from 2020 and the UK now considering similar measures.

Manufacturers, however, should not simply build in security because they are compelled to by law. Instead, they should be providing greater security in their devices as a selling point. Privacy concerns have come to the forefront for consumers following scandals such as Cambridge Analytica, and they are showing an appetite for tech that protects their personal data.

Manufacturers can begin to produce devices that are able to withstand cyber attacks by following code of practices such as the UK’s Secure by Design. This contains 13 practical guidelines to help manufacturers protect the privacy and safety of consumers, while making it easier for them to securely use their products. 

There is also a significant opportunity for ISPs to provide security to protect all devices within the connected home. By providing a comprehensive set of security solutions such as secure routers, parental controls and apps, ISPs can help protect a network, regardless of the security measures on individual devices. This is likely to be a key selling point for security-conscious consumers.

Consumers want to be safe when they use connected devices, but they do not want to have to do anything overly complicated to do this. By offering easily secured devices and straightforward solutions, vendors have the opportunity to secure the trust of consumers and protect their reputations, both of which will stand them in good stead as the connected home market continues to grow.

By Tom Gaffney, Security Consultant at F-Secure


Featured Articles

Unleashing the Full Potential of Enterprise IT Investments

Joe Baguley, CTO EMEA at Broadcom, shares his insights into how businesses can revitalise their IT investment strategies in order to boost innovations

Worldwide IT Outage: Industries Face Total Disruption

Multiple business sectors around the world are impacted by a global IT outage impacting Windows PCs, causing major companies to halt services

Apple Shares Surge: What This Means for AI Growth Efforts

With Apple’s shares rising 2.5% to record-levels this week, leaving it a three-trillion dollar market value, AI could be the lifeline to boosting its sales

Cloud vs AI: Why Enterprises Prioritise Data Management

Cloud & Cybersecurity

Gartner: Gen AI Growth Driving $5tn Global IT Spending

AI & Machine Learning

Cybersecurity at 2024 Paris Olympics: Protecting the Games

Cloud & Cybersecurity