Why You Can’t Trust IoT Devices

Jim Luhrs
3 min read · Jan 12, 2023

IoT sounds good but it can be oh so bad

IoT (Internet of Things) devices are awesome. We are talking about smart speakers, smart doorbells, smart locks, smart lights, smart smoke alarms, smart TVs, smart kettles, smart appliances, smart thermostats, wireless sensors, surveillance cameras, security systems, and the list goes on and on. If it says “smart” or connects to the internet in any way, it can be considered an IoT device, but there is one massive problem with them: security.

My security prediction for this year is that we are going to see an extremely large influx of IoT devices being used as attack vectors, either to attack your own internal network or to attack external parties. It has happened before, but I think we are going to see it on a scale that is unprecedented. Think about every IoT device that you may have in your house, and now think about whether the manufacturer of that product still supports it. I myself have a couple of smart TVs, some smart lights, some smart speakers and some home automation equipment to turn things like my underfloor heating and hot water cylinder on/off. Just with that equipment alone, I know that the TV manufacturers have already stopped issuing updates for the devices, and the smaller $30 IoT devices are probably pretty similar.

In 2021 there was a vulnerability in the Log4j logging library that made waves around the world and got developers scrambling to fix and update systems before hackers could exploit them: “the number of devices that could potentially be affected by the security vulnerability is approximately 2.5–3 billion”. In other words, there was probably a 95% chance you had a device at home that was vulnerable to attack, but what has likely happened is that manufacturers managed to fix the bug before hackers got to it. Think of it as a giant meteor headed for earth: the scientists managed to deflect the bulk of it, but some did still get through. In fact, “Cybersecurity company Akamai Technologies Inc. has tracked 10 million attempts to exploit the Log4j vulnerability per hour in the U.S.”

So why should you be worried? Your devices can be turned into botnet devices. A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, often used to spam other devices simultaneously to take down other networks or to spread more malicious software. When the next exploit comes out, unfortunately hackers will have the ability to use AI to run their hacks, and AI is much faster and more organised than humans. Hackers will have the ability to wreak havoc and possibly remotely brick devices, rendering them paperweights.

So what can you do to prevent a hack? You can’t do much to stop a vulnerability, but you can prevent the spread of a botnet affecting your other devices. The best thing to do is have all your IoT devices on a separate network from your home network, and ideally have all the IoT devices on their own VLANs. This way, if one device gets infected, it can’t see any other devices on the network. But isn’t doing this going to cost more money because you are going to need two wireless networks? Not necessarily. Some routers allow for it out of the box, some will allow for it with a third-party firmware upgrade, and there is an option where you can use your old router as the second network. In a future article we will explain how to use your old router for IoT devices and why it’s a good idea to do so.
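To make the separate-network idea concrete, here is an added example (not part of the original article) that audits a home inventory against that advice. The addresses, device names, rule format and the `client_isolation` switch are all constructed assumptions, and the model is deliberately simple: first-match router rules with default deny, and one isolation setting applied to every subnet.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan and inventory (assumptions, not from the article).
IOT_VLAN = ipaddress.ip_network("192.168.20.0/24")
SUBNETS = [ipaddress.ip_network("192.168.1.0/24"), IOT_VLAN]
DEVICES = {                      # name -> (ip, is_iot)
    "laptop":        ("192.168.1.10", False),
    "smart-tv":      ("192.168.20.11", True),
    "smart-plug":    ("192.168.20.12", True),
    "smart-speaker": ("192.168.1.57", True),   # IoT device left on the home LAN
}
# Constructed router rules, first match wins, default deny: (action, src, dst)
RULES = [
    ("allow", "192.168.1.0/24", "192.168.20.0/24"),  # home LAN may manage IoT
    ("deny",  "192.168.20.0/24", "192.168.1.0/24"),  # IoT may not reach home LAN
    ("allow", "192.168.20.0/24", "0.0.0.0/0"),       # IoT may reach the internet
]

def subnet_of(ip):
    addr = ipaddress.ip_address(ip)
    return next(n for n in SUBNETS if addr in n)

def can_reach(src_ip, dst_ip, rules=RULES, client_isolation=False):
    """True if src can open a connection to dst under this simplified model."""
    if subnet_of(src_ip) == subnet_of(dst_ip):
        # Same subnet: traffic never crosses the router, so its rules do not
        # apply. Only per-client isolation (or one VLAN per device) blocks it.
        return not client_isolation
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s, d in rules:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action == "allow"
    return False

def audit(devices=DEVICES, rules=RULES, client_isolation=False):
    """List every way an IoT device breaks the segmentation goal."""
    findings = []
    for name, (ip, is_iot) in devices.items():
        if is_iot and ipaddress.ip_address(ip) not in IOT_VLAN:
            findings.append(f"{name} is an IoT device outside the IoT VLAN")
    for a, b in permutations(devices, 2):
        (ip_a, iot_a), (ip_b, _) = devices[a], devices[b]
        if iot_a and can_reach(ip_a, ip_b, rules, client_isolation):
            findings.append(f"{a} can reach {b}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit()))
```

Note that the two devices sharing the IoT VLAN can still reach each other even though the router rules are correct, which is why giving each device its own VLAN (or enabling client isolation) is the stronger setup.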

If anything is going to get hacked at your home, it is likely to be the weakest device with the weakest security, and that is likely to be a cheap IoT device. Don’t let it infect the rest of your network.

Botnets spread infinitely faster than pandemics


Written by Jim Luhrs

Web3, Startups, AI & all things tech. Based in Christchurch, New Zealand. Founder of a Web3 startup and passionate about supporting local
