- Smart homes are already here
- Cybercriminals look for IoT vulnerabilities
- Smart home security is a job for ISPs
More and more people have smart homes these days, and the IoT industry's expansion will likely rapidly increase the number of smart homes. It's a situation that should make everyone happy, but the current state of IoT security should have ISPs a lot more worried.
Every time someone brings a new smart device into the house, they create a new attack vector. While that sounds bleak it's also true, but it's hardly something that most customers think about. The number of IoT devices is ever increasing and will reach around 24 billion units by 2030.
And here lies the paradox. Despite the size of the market and the large attack vector it creates, the security of IoT devices is often abysmal. The problems range from vulnerabilities that manufacturers either fix slowly or not at all, to companies dropping support entirely immediately after launching a new product.
Customers make presumptions, usually wrong, about the security of their home devices. The simplest assumption is that hackers have no interest in your data, that you're just a drop in the ocean. Sensitive user data is only one of the targets for hackers, who usually have different goals when they go after IoT. They are often just interested in compromising devices so they can later use them to mount more aggressive attacks against much bigger targets.
You're part of the IoT ecosystem; you just don't know it.
People can be oblivious to the fact that they already have a smart home, or at least the beginnings of one. Smart speakers, personal assistants, smart cameras, smart fridges, smart cappuccino makers and even smart pet feeders fill our houses. These are IoT devices that make homes more intelligent, even if it doesn’t seem like it.
And like all software and hardware, they probably have vulnerabilities, some known and others waiting to be discovered. The biggest concern is that customers seldom patch their smart devices or are even aware that they can. On the other hand, patching is an optimistic solution because it implies that the manufacturers actually cared enough to fix a problem.
IoT users might not be aware that their home routers are always being probed for vulnerabilities by botnets or that their smart TVs can be compromised, but they should not be the only party interested in home security. ISPs, for better or worse, share this responsibility with users. IoT security is now an issue for ISPs as well for one simple reason: the lack of it is damaging their business model.
How smart are homes and why should ISPs care?
It's easy to define an IoT device: it's anything connected to the Internet. It turns out that we connect a lot of things to the Internet. According to Bitdefender's telemetry, the most common online devices in a home are phones, smart TVs, streaming sticks (Chromecast and alike), game consoles, routers, IP cameras, media players and NAS servers. This list only scratches the surface of what's found in people's houses.
Most devices on this list can be compromised to act like zombies in large botnets controlled by cybercriminals, with customers being none the wiser. The botnets are then used to deploy large DDoS attacks against companies and online services, making users and ISPs unwitting accomplices in cybercrimes.
Think of ISPs as shepherds controlling an extensive infrastructure, just like a user lords over his LAN network. No ISP wants to see DDoS attacks originate from its infrastructure, but it happens every single day. The thing is that ISPs are not powerless in this matter, and they can quickly stop most of these attacks at the source.
Bitdefender's IoT Security Platform is precisely the solution ISPs look for when they consider how to deal with DDoS attacks coming from simple users. It's a security solution that can be implemented directly into smart routers, providing not only DDoS detection and protection but also vulnerability assessment, brute force protection and more.
Such security solutions harden any network, and that's especially valuable for an ISP. If we add the fact that the Bitdefender IoT Security Platform can be implemented in existing hardware and that it connects to the largest threat database in the world, the proposition is no longer a matter of if but of when.