The Internet of Things is vast, complex, and filled with risk – but network security can simplify it
Around the world, the millions of internet-connected gifts we exchanged over the holidays have been set up, making our homes “smarter.” And less secure.
Alexa, play scary music.
Relax. The robot dogs who can bark in six languages and the smart fridges that can file your taxes are not plotting against you in the middle of the night. That sci-fi Hollywood trope does us a disservice. The Internet of Things is much more interesting than that.
It is vast, diverse, and filled with weak credentials. Recently news broke about a leak of a massive list of Telnet login credentials for more than 500,000 servers, home routers, and smart devices, leaving them vulnerable to attack.
On that day, Avast Threat Labs saw cybercriminals attempt to access the Telnet port of our 500+ honeypots around the world 347,476 times. This shows that bots are constantly searching for weak internet connected devices to infect and add to their botnets.
The IoT is complicated – it’s not a simplistic Hollywood cliche. It’s a vast ecosystem of millions of unique vulnerabilities. But your part of it can be simple.
Our researchers at Avast worked with colleagues at Stanford University to analyze user-contributed scans of 16 million homes and 83 million devices. (No personally identifiable information was ever involved.) The researchers found two things all of us should understand.
First, there isn’t one Internet of Things – there are many. For instance, surveillance cameras are most popular in South and Southeast Asia, work devices such as fax machines prevail in East Asia and Sub-Saharan Africa, and home assistants are uniquely present in North America. That’s not one simple ecosystem; it’s a patchwork of wild diversity. And there is a distressing lack of standardization in the devices.
Second, the greatest risk likely doesn’t come from your shiny new devices, but from your dusty forgotten ones. (Although every single one should be set up with a unique password, and don’t forget about your router.) That old printer in the corner of your office may be like a broken backdoor into your network. Part of the Hollywood misconception is that the smarter devices are, the more dangerous they are – think menacing robot geniuses. Sophistication typically has nothing to do with risk. Any connected device with weak security can make your entire home or office vulnerable.
I’ve called the Internet of Things a ticking time bomb, but in the interests of a more optimistic new decade, I’d like to amend that a bit. Think about each of your wired devices as a tool – because that’s what it is. Even IoT toys do the “work” of providing fun.
Don’t leave your tools out in the yard. A kid could step on that saw. Some stranger could pick up that hammer and smash your windows. Your IoT devices can be like powerful tools strewn around – and are potentially dangerous.
The IoT is complicated – it’s not a simplistic Hollywood cliche, but a vast ecosystem of millions of unique vulnerabilities. Your part of it can be simple, however, if you can get all your smart devices in one place. And we can help with that.
Avast CEO Ondrej Vlcek is a recognized industry speaker who has led Avast’s transformation from a traditional PC antivirus vendor to the leading provider of a full portfolio of protection, privacy, and performance products. He executes on Avast’s vision to deliver people-centric security and spearheads the company's product innovation program for emerging consumer technology categories.
Many companies already have their hands full trying to improve their security posture as they migrate their IT systems to the cloud. IoT risks have been a subset concern. But now, Covid-19 has shoved IoT exposures to the front burner.
Here's how an obscure, anonymous conspiracy theory get so popular that the President of the United States has talked about it.