Internet-connected devices are set to see an explosion in popularity—by the end of this year, one estimate suggests there will be 8.4 billion Internet of Things (IoT) devices in use. This trend promises huge rewards for both sellers of the items and the consumers who use them, and it also presents an enticing target for hackers.
Convenient—But Secure?
A survey conducted in November by Keeper Security “found that nearly three in four millennials in the 25-34 age range are not even aware that these devices arrive from most manufacturers with simple, pre-set default passwords,” the company’s blog reported.
“Some 65% of these millennials, who are the most active buyers of IoT (Internet of Things) devices, are not aware of the rising tide of concern around IoT device security. And the same percent—65%—of millennials say they don’t take evaluation of security of IoT devices seriously.”
Hackers have used simple techniques to break into IoT devices ranging from baby monitors to toys. Once access is established via the device, hackers can use a botnet to launch a denial-of-service attack on an Internet service provider, leaving millions without online service.
Beat the Bots with a Few Simple Defensive Moves
Security Keeper honed in on the IoT devices with simple factory-preset passwords and said the best defensive move to make is to change that password.
Other tips include:
- Use a free password manager
- Never share passwords
- Don’t use the same passwords on different devices
- Don’t use your network name as a password
- Don’t use words in passwords that can be found in the dictionary
- Never write down and store passwords where others can view them
IoT security vulnerabilities fall across a broad spectrum of possibilities, though Learning Tree reports that there are 10 main themes:
- Insecure web interface
- Ineffective authentication and authorization
- Insecure network services
- Lack of transport encryption
- Unnecessarily sharing data or personal information
- Insecure cloud interface
- Insecure mobile interface
- Insufficient security features
- Insecure software or firmware
- Not erasing all personal information before discarding or selling a device
Blockchain to the Rescue?
One Internet user with a lot at stake—the U.S. Department of Energy—announced in September that it was embarking on a multi-million dollar effort to integrate blockchain technology to secure the nation’s electrical grid.
Guardtime, the company hired to design the system, said that the project would “protect the Nation’s energy infrastructure from emerging cyber threats and enhance the reliability and resilience of the Nation’s critical energy infrastructure through innovative, scalable, and cost-effective research and development of cybersecurity solutions and operational capabilities.”
The security system would include:
- Real-time response to hacking attempts
- Autonomous detection of data anomalies
- A data exchange platform using smart contracts for the automated trading and settlement of contracts in the electricity production value chain.
“Advocates say the technology could be especially promising in industries where networks of peers—electricity producers and consumers, connected via the grid, for instance—depend on shared sets of data,” said MIT Technology Review.
Rocky Mountain Institute said blockchains have a number of components which can be applied to grid security:
- Tamperproof data
- Complete data availability
- Redundancy
- Privacy and control
- Third-party processing
“As the world of energy becomes more digitized and decentralized, the need for solid defense against cybersecurity threats increases drastically,” the report said. “When a blockchain is implemented properly, it offers a strong defense against external and internal threats by mitigating Internet-connected and data communications vulnerabilities, and increasing data confidentiality and privacy.”
