In the technology world, Internet of Things devices are known as some of the most vulnerable to hackers’ attacks both because of the valuable information they collect and the weak security measures they usually have installed. In fact, 1.5 billion attacks have occurred against IoT devices in the first six months of 2021. Still, NordVPN's research shows that 25% of users do nothing to protect them.
Out of the recent attacks, the most significant one happened in March of 2021, when a group of hackers gained access to 150,000 of Verkada’s smart security cameras used inside hospitals, companies, police departments, prisons, and schools. As a result, criminals were able to see videos from women’s health clinics, psychiatric hospitals, Tesla Inc., and Verkada’s offices itself.
“The number of IoT devices is growing. In fact, NordVPN’s research showed that almost 88% of users have at least one IoT device in their household. Every year, a new smartwatch or baby monitor is being released and people rush into buying these products thinking that the risks they present will somehow bypass them. But if huge companies with good cybersecurity practices in place get affected, regular users should be concerned as well,” a digital privacy expert at NordVPN Daniel Markuson said in a statement.
Why do hackers love IoT?
IoT devices, by their very nature, collect and send information from one smart device to another. This ranges from increasing a smart lamp’s brightness via a smartphone to controlling a smart camera angle through a PC from another part of the world.
Because of the way IoT devices work, attackers only need to identify a single weak point to gain access to all the other individual devices on the network. While the brightness of a smart lamp might not seem like very sacred information, by hacking the lamp hackers can get access to a baby monitor, for example. Recordings of a sleeping child could be valuable data for blackmailing the family.
“The most famous case, when criminals hacked into a very poorly protected IoT device and got into the whole network through it, was the “fish tank” case. During that attack, hackers stole 10GB of data from a casino in North America by getting control of a smart fish tank. This only goes to show how creative cybercriminals get nowadays and why we should be more cautious about it,” Markuson said.
In addition, if an IoT device (a smart TV, for example) is used for web browsing, it can be infected with various viruses too. Like computers, IoT devices run on software, but they don’t have the same strong antivirus and firewall systems installed. Once the device gets infected, all the browsing history, passwords, and other private data become accessible to hackers. And they won’t miss the opportunity to use this information in ransomware attacks, identity theft, or sell it on the dark web.
What can be done to protect the privacy of IoT devices?
“IoT devices are useful, fun, and really do make our lives easier. So you don’t have to ban them from your life completely. Instead, implement some safety measures to make sure your data and privacy are protected while using them,” said Markuson, who provided some tips to all IoT users.
- Look into the privacy issues associated with the devices you purchase. Review tech sites that dig into privacy and security issues or buy devices certified by organizations like ioXt.
- Change the passwords. As soon as you set it up, change the default login and password of your smart device. And make sure you use a different one for every account. Use a secure password manager, like NordPass, in case you forget passwords easily.
- Update regularly. Once a month, go over your devices and check to see if there are any updates, or set them to update manually. Updates often include patches for known bugs and security loopholes, so don’t skip them.
- Turn off features you don’t use. Speakers and microphones are not always necessary, but they are very useful in a criminal’s hands. The same goes for the WiFi connection in your fridge and similar features. It’s an unnecessary risk, so consider disabling them.
You will find more information on possible vulnerabilities and the ways to be protected on NordVPN’s research page.