How IoT technology compromises security


The Internet of Things (IoT) is one of the most pervasive technology trends in the world today. Analysts are predicting there will be 24 billion internet-connected devices in the world by 2020. That’s four devices for every person on the planet!

The rapid growth of IoT devices should be welcomed and feared in equal measure. High-street retailers are now implementing in-store beacons to provide personalised and targeted advertising. People are also flocking to buy smartwatches, rings, and clothing to get a better look into their health.

From educational institutions to professional services firms, businesses are saving money with smart lighting, heating systems, and countless other “smart” devices.

Uninhibited and unregulated, the IoT has the potential to be disruptive, particularly regarding cybersecurity. With the benefits comes high risk, because more connected devices mean an exponentially larger attack surface for hackers to exploit.

Many smart devices are poorly supported and come with inherent vulnerabilities that are rarely, if ever, patched. That’s why you should think carefully before connecting an IoT device to your network. After all, these gadgets are designed to be constantly connected and easy to use, but it’s this simplicity that exposes businesses to risk.

What are the biggest IoT security threats?

Anything connected to your network that involves the storage or transmission of digital data should be considered a risk. That’s why many IT professionals remain unconvinced that the benefits of IoT outweigh the drawbacks. This isn’t helped by the fact that reports of attacks on smart technology skyrocketed by 280% in the first half of 2017. Here’s an overview of some of the most common security threats facing IoT networks:

Botnets and DDoS attacks

A botnet is a network of computers or devices that have been infected with malware without the owners’ knowledge. These devices may then be used to carry out distributed denial of service (DDoS) attacks that overwhelm and crash websites, networks, and servers.

With more connected devices than ever before, hackers have set their sights on IoT to launch large-scale DDoS attacks.  These attacks disrupt business operations or, in the worst-case scenario, divert attention away from a more serious attack. The biggest IoT attack so far is the Mirai botnet, which rose to international infamy in 2016 when it infected up to 300,000 devices.

Remote recording

People who tape over their laptop cameras are no longer considered paranoid. Any device with a microphone or a camera can be compromised, allowing hackers to spy on their victims. In 2017, hackers were able to transform internet-enabled televisions into spying devices. An even more disturbing possibility is that internet-connected security systems may be compromised, giving hackers the opportunity to spy on your business.

Advanced persistent threats (APT)

Contrary to popular belief, hackers aren’t always looking for the quickest way into corporate IT infrastructure. The most capable hackers are also the most dangerous, since they tend to be extremely patient, using APT attacks to find vulnerabilities to exploit.

IoT devices often use default access credentials, so they can easily be “hacked”. All an attacker has to do is log in with a username and password that the manufacturer lists in the device’s manual. Just like any other internet-connected device, the very first thing you should do when setting up your device is change the default login credentials. Always use complex passwords and, preferably, an additional authentication factor.

KRACK attacks

A Key Reinstallation Attack, or KRACK, is when hackers exploit a vulnerability in modern Wi-Fi networks to read encrypted information. It allows them to intercept information from any device with a wireless connection, including IoT products, smart watches, sensors, and webcams.

Devices like computers, smartphones and tablets are usually protected thanks to frequent updates. However, many IoT devices are poorly supported by their manufacturers, leaving them open to a potentially devastating attack.

You can protect yourself by using an encrypted connection or a VPN. Yet, it is strongly recommended that you immediately retire any IoT devices that have yet to be patched to address the KRACK vulnerability.


Ransomware

Ransomware is possible even when an IoT device does not contain valuable data. For example, if a hacker manages to install ransomware on IoT-powered machines in factories, they can shut down production lines unless a ransom is paid within 30-45 minutes.

Even more disturbing is the implication of poor IoT security in the healthcare field. Hackers are able to leverage cyber extortion techniques for connected healthcare devices, such as pacemakers and defibrillators.

Privacy concerns

Reliance on connected IoT devices presents limitless potential for hackers, spy agencies, and business competitors to gain access to private data. Moreover, many IoT devices fail to meet compliance standards for privacy and data protection. Even devices that can’t be used for remote recording still rely on transmitting data over the internet, whether that’s medical information in the case of a smart health device or data collected from walk-ins by an in-store retail beacon.

That’s why businesses need to retain full visibility into precisely what sort of information their connected devices collect, before taking the necessary security measures.

Using IoT devices safely

As more connected devices are introduced into the workplace, so are more potential gateways to private data. The biggest problem facing many organisations is that they don’t have full visibility into their network map. The map should include every device with an internet connection. To ensure the safety of your digital data, you should immediately retire any outdated or unprotected device on your map or, at the very least, ensure that it’s completely isolated from the rest of your network.
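One way to turn the network map into a routine check, shown as an added example rather than code from this article: each device record is tested for default credentials, a missing KRACK patch, lack of vendor support and isolation, and addresses seen on the network are compared against the map. The device names, IP addresses, the `10.20.0.0/24` IoT segment and the record fields are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IOT_SEGMENT = ip_network("10.20.0.0/24")  # assumed isolated IoT VLAN

@dataclass
class Device:
    name: str
    ip: str
    default_credentials: bool  # manufacturer login never changed
    krack_patched: bool        # KRACK fix installed
    vendor_supported: bool     # manufacturer still ships updates

def assess(dev):
    """Return (action, reasons) for one device on the network map."""
    reasons = []
    if dev.default_credentials:
        reasons.append("default credentials")
    if not dev.krack_patched:
        reasons.append("no KRACK patch")
    if not dev.vendor_supported:
        reasons.append("unsupported by vendor")
    isolated = ip_address(dev.ip) in IOT_SEGMENT
    if not dev.krack_patched or not dev.vendor_supported:
        # Outdated or unprotected: retire, isolating first if it is not already.
        action = "retire" if isolated else "isolate, then retire"
    elif dev.default_credentials:
        action = "change credentials"
    else:
        action = "ok"
    return action, reasons

def unmapped(observed_ips, inventory):
    """Addresses seen on the network that are missing from the map."""
    known = {ip_address(d.ip) for d in inventory}
    return [str(ip) for ip in sorted({ip_address(i) for i in observed_ips} - known)]

# Constructed sample map and a constructed list of addresses seen on the network.
INVENTORY = [
    Device("lobby-camera", "10.0.0.41", True, False, False),
    Device("smart-thermostat", "10.20.0.12", True, True, True),
    Device("retail-beacon", "10.20.0.30", False, True, True),
    Device("door-sensor", "10.20.0.55", False, False, True),
]
OBSERVED = ["10.0.0.41", "10.20.0.12", "10.20.0.30", "10.20.0.55", "10.0.0.77"]

if __name__ == "__main__":
    for dev in INVENTORY:
        action, reasons = assess(dev)
        print(f"{dev.name:18} {action:22} {', '.join(reasons) or '-'}")
    print("not on the map:", unmapped(OBSERVED, INVENTORY))
```

In practice the observed addresses would come from a source such as DHCP leases or a switch's address table, so that a device nobody recorded still shows up in the check.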

At Empower IT Solutions, we understand that modern technology can be either your most valuable asset or your worst enemy. We’re here to help you make sure it’s not the latter. Call us today if you’re looking for transformational technology without the headaches.