Cyberview #6: IoT’s security vulnerabilities & upcoming regulations
Éanna Motherway
February 1, 2024
Table of contents
This episode of Cyberview delves into the evolving world of “the Internet of Things”. IoT, or when everything from your heating system to your car are actually computers and connected via networks, has become commonplace. Press a button 50 km away to warm up your house as you drive home in what Elon Musk calls “sophisticated computers on wheels”. But this convenience comes with a catch. As these machines evolve into increasingly complex computers, the potential attack surface grows. The Cyberview team explores.
IoT Malware Attacks Hit a 400% Increase
So, what’s the problem with these handy IoT devices? In short: they can be hacked – easily. Designed with functionality and convenience in mind, security has taken a back seat. This low level of protection leaves users vulnerable to attack, and IoT devices have become prime targets for cyberattacks. In fact, the Zscaler ThreatLabz research team found that IoT malware attacks increased 400% in the first half of 2023 compared to 2022.
EU Cyber Resilience Act
On a legislative level, the EU is taking this seriously. The upcoming Cyber Resilience Act (CRA) is already striking fear into the hearts of device manufacturers the world over. But for consumers, the future of IoT looks bright, or at least more secure.
If passed, the CRA “would see inadequate security features become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle.”
This is a huge development: Device makers will have to ensure the security of their products past sale. That means regular updates, security patches, and consumer safety being higher on the priority list than ever before. It's a big shift towards a more secure digital landscape. Smart and secure homes are the future.
US Cyber Trust Mark
While the EU is laying down the law, the US Federal Communications Commission (FCC) is planning to roll out its new “labeling program for smart devices” in 2024. The Cyber Trust Mark will be the shiny new seal of approval for cyber-secure products.
Jessica Rosenworcel, FCC Chairwoman says: “The Cyber Trust Mark will help consumers make more informed decisions about what kind of devices they bring into their homes and businesses. So when you need a baby monitor, or a new appliance, you’ll be able to look for a Cyber Trust Mark… device manufacturers are going to be able to showcase privacy and security in the marketplace by displaying this mark”.
Manufacturers will be permitted to place the seal on products only after official assessment. And though this is still a voluntary seal, i.e. manufacturers aren’t legally obliged to earn it, it’s a step in the right direction for IoT cybersecurity. If you’re in the US, keep an eye out for this logo when making future device purchases.
IoT vulnerabilities & security tips
While most IoT malware attacks are aimed at businesses (manufacturing and education are among the most targeted sectors), consumers should stay vigilant as well. There are several avenues through which attackers can infiltrate your home networks using IoT devices. Here are a few ways that you can protect yourself.
Default logins – ISPs and modem/router companies tend to distribute network devices with default logins. These credentials are easily accessible online. A typical username is “admin”, passwords might be basic codes like 1234 or 0000. Easy pickings for hackers – and easy for you to change.
Auto-update – If this feature is turned off and you miss security updates, your device will stay open to vulnerabilities longer. Turn on auto-update to avoid this. Smart devices with legacy firmware are the bread and butter of IoT hackers.
Separate network for IoT – Keep your devices insulated from your main home network. This acts as an effective layer of security if one of your devices is compromised.
Principle of least privilege – Turn off certain “smart” features that you don’t use. Why does your toaster have a camera anyway?
With new regulations taking effect this year and our own proactive security measures at home, a safer cyber future is possible for all.