- IoT manufacturers often favor speed of rollout over security
- Attackers don’t have to work too hard to compromise smart devices
- It’s up to users and ISPs to protect homes and network infrastructure
The IoT landscape is so vast, chaotic and complex that it's impossible to fully grasp just how far it extends and how much of our daily lives it encompasses. Attackers compromise IoT devices to use in larger attacks, steal private information or spy on people. And it's all possible because of the security deficit in the IoT ecosystem. Since manufacturers won't offer any real solution any time soon, it's up to users and ISPs to provide their own security.
In many situations, people are the weakest link in the cybersecurity chain. When they connect to unsafe networks, they often use ridiculously easy-to-guess passwords or open fraudulent emails that promise immediate wealth. But there's a contender out there gunning for that dubious "crown," looking to dethrone people from their position of the weakest link. And that’s IoT.
The Internet of Things promises the future. Devices provide crucial functionality in many cases, and some niche or other is always ready to be filled by an IoT device that wants to do work in an automated way. Smart homes wouldn't be possible without them, and most of us already live in one, even if it's not immediately evident.
IoT looks like a ripe fruit to attackers
One of the biggest problems of the entire IoT industry is the speed of rollout for a new generation of devices, which is often paramount to anything else. Companies forgo proper testing and support to be the first on the market. Sometimes, IoT devices are abandoned almost immediately after launch, leaving users with increasingly unsecure hardware.
The lack of regulation and the fragmentation of the hardware and software market for IoT devices have also contributed to the status quo. The security deficit in the IoT industry is like a window opened wide for attackers. Depending on their goal, they might simply steal private user data, or compromise and infect IoT devices that can be used in much larger attacks against large enterprises, or even to spy on people.
For example, in a recent flurry of bizarre incidents, unknown perpetrators remotely logged into various Ring devices and started to threaten families and scare the kids. In another situation, threat actors used thousands of CCTV cameras, routers and other IoT devices in a DDoS attack that clocked 292,000 requests per second from 402,000 IP addresses.
The solution is simpler than you think
All of this is only possible because the IoT security landscape is a mess. Since the industry is not likely to correct itself any time soon, it's up to the users and their ISPs to mitigate this problem.
Bitdefender's IoT Security Platform provides a powerful security agent that runs inside regular routers, letting users control their environments, protect their networks against DDoS attacks, and even set up network-wide Parental Control rules.
ISPs can work with Bitdefender to remotely deploy this solution in their customers' routers. There's no need to upgrade the routers or get other hardware, as the solution is platform-agnostic and has a very small footprint.
DDoS attacks from compromised IoT devices inside protected networks would become a thing of the past. The same happens with Mirai-like botnets looking for open ports or brute-forcing their way into vulnerable routers and other devices.
Since the IoT industry will not offer the security people need, it's up to ISPs to protect their customers and their own infrastructure from intrusions and bad actors. And it's the user's job to look for an ISP that can offer them this type of overarching protection.