The Internet of Things has entered our lives as merely a convenience with a small added coolness factor. But what is easy to forget sometimes is that they are still devices hooked up to the Internet, meaning they are just as vulnerable to a threat as any other device.
A new report is now showing that IoT devices are under a constant attack. What’s worse is that the devices that are facing the most threat are those facing zero-day vulnerabilities, meaning those who don’t even realize that they are facing a particular threat.
Cyxtera Technologies Report
No matter what IoT devices you have at home, at work, or on your person, they are susceptible to attack. If a device connects to the Internet, it’s vulnerable to an attack. But we tend to forget about our smart watches being vulnerable, our smart light bulbs being vulnerable, and our robot vacuums being vulnerable.
Cyxtera Technologies has released a new report that shows that IoT devices are being attacked continually. This is especially true of those facing zero-day vulnerabilities, meaning devices that we never expect to get attacked.
The “Detection of Threats to IoT Devices Using Scalable VPN-Forwarded Honeypots” report was conducted by Cyxtera threat researcher Martin Ochoa and the Singapore University of Technology and Design. They released some interesting statistics.
- More than 150 million connection attempts to 4,642 unique IP addresses
- 64% of incoming connections originated in China
- 14% of incoming connections originated in the United States
- 9% of incoming connections originated in the U.K.
- 8% of incoming connections originated in Israel
- 6% of incoming connections originated in Slovakia
All of the IoT devices in the research faced attempted logins immediately, as soon as the systems went online, with the number of login attempts increasing gradually over time. New malware, like Mirai, Satori, and Hakai were used to attack devices from the honeypot, meaning devices that had security of some sort. Attacks were elevated before the malware was announced publicly.
Last month a report showed that 31% out of the 96 smartphone apps for IoT devices that were tested had no encryption, and 19% had hardcoded keys that were easier to notice. 50% of the apps could be easily exploited. Apps for Belkin, TP-Link, and Broadlink devices were all found to be susceptible.
An earlier study by Gemalto of 950 IT professionals and those who make business decisions showed that only 48% of the businesses in the world are able to detect if their IoT devices are breached. 79% are asking for more ardent guidelines for IoT security, while 59% are looking for clarification on who should be responsible for protecting the IoT.
What This Data Means
What this all means is that our IoT devices are always under a threat of being attacked, and many times the devices being targeted are ones that we’d never expect to suffer an attack. They’re susceptible since the moment they go online. Even those in the IT business or who make business decisions aren’t able to detect if their devices are being breached.
It means when you buy an IoT device, just like when you buy a computer or a smartphone, you need to make sure there are mechanisms in place to prevent your device being hacked.
Do you worry about your IoT device being hacked? Tell us in the comments section below.