Ryan Orsi of WatchGuard Technologies
There is a saying, ‘fast, cheap and good – pick two.’ This appears to apply to the IoT as manufacturers race to get new fast and cheap products to market, but at the expense of security.
There is no shortage of stories where IoT devices have been compromised, but when you start to combine the security vulnerabilities of the IoT with Wi-Fi, things begin to look a lot scarier, says Ryan Orsi, director Product Management at WatchGuard Technologies.
In 2016, the Mirai botnet emerged, taking down Netflix, Twitter and more. It exploited IP cameras, DVRs, and other household routers by scanning open ports connected to the Internet and then trying 61 common user name and password combinations that were found in manufacturer user guides. Once they gained access, the hackers had control of these devices and used them to launch the world’s largest DDOS attack against cloud DNS host Dyn from more than 160 countries.
While Mirai was not a Wi-Fi vulnerability per se it did highlight the fact that Wi-Fi is a major IoT attack vector for hackers. MiTM attacks are often used to gain access to Wi-Fi networks and once in, hackers can search for vulnerable IoT devices and plant back-door malware that will give them access to a network from anywhere in the world.
Think about the impact this could have. For example, telemedicine devices like home heart monitors or blood pressure sensors that gather information and send them back to physicians over Wi-Fi could be compromised. Or what about Point of Sale (POS) systems running payment-processing systems across Wi-Fi connected tablets.
This risk rises to another scale when connecting to a city wide public hotspot. Municipal Wi-Fi is designed to allow all devices to connect to an open, unsecured Wi-Fi network. South Africa has one of the largest municipal Wi-Fi networks, which supports connections from 1.8 million unique devices.
If you join an unsecured open Wi-Fi network with your IoT device, there’s a chance you’re vulnerable to an attack. While this is becoming a hot issue, there remains a clear lack of motivation to secure IoT devices, putting the focus on government to introduce regulations as the fastest way to get manufacturers to prioritise security by design.
Organisations offering Wi-Fi can also take matters into their own hands to help ensure consumer safety.
Until the market demands better security, hackers will continue to exploit vulnerabilities in IoT, costing the industry dearly. But companies can help by taking the necessary steps to deliver secure Wi-Fi for customers and employees. As IoT devices multiply, having secure Wi-Fi will be vital to keeping them safe. It’s time to tell IoT manufacturers that we want better security. If we don’t take security seriously, then neither will they.
The author of this blog is Ryan Orsi, director Product Management at WatchGuard Technologies
Comment on this article below or via Twitter @IoTGN