Every year the world is adding more than a million devices that are connected to the Internet of Things to perform various tasks. An estimate shows that by 2025, the world will have 64 billion connected devices. Most of the IoT devices are being used in the manufacturing and industrial sectors to transform and automate the processes. There is no doubt that IoT systems have the capability to change the traditional processes, increase the efficiency and lower the costs but due to the vulnerabilities the systems are exposed to, there is a high potential of security threats.
IoT systems have entered the households and almost every device like a refrigerator, dog collars, rectal thermometers, microwave, face locks have internet connectivity. These devices provide a lot of convenience to the owners but put the privacy and security of people at risk. The data flowing through the devices are shared with the service providers and users are unaware of how this data is being used and stored. The security flaws in the systems expose it to multiple attacks by hackers. A report by Symantec shows the attacks on IoT devices have increased by 600% from 2016 to 2017.
The threats and privacy issues of the IoT systems are discussed below:
Manufacturing Flaws: The increasing demand in the market has soared the production of the devices and the manufacturing companies associated are not much concerned about incorporating the security features in the devices. Most of the devices used in the houses are missing on important security updates and some devices don’t receive updates at all. Users have reported the devices exposing the Gmail credentials on the screens which put them at high risk of attacks.
Brute Force and Default Passwords: The manufacturers are selling the devices which have default login credentials and because of the lack of global standards, there isn’t much heed paid to resolve this issue. The Mirai malware used by the hackers’ identities the devices with default credentials and infects them easily. These devices are vulnerable to brute force attacks where the hackers try multiple passwords or passphrases until the correct one is found. Till the time countries don’t work on creating global security standards for IoT devices, users will be at risk of losing out on personal and valuable information to the hackers.
Malware and Ransomware: The number of IoT devices are increasing and so are malware and ransomware attacks. Hackers are utilising the hybridization of both to lock the devices and steal the information from the users. An analysis has found that there are 6.7 million attacks every hour via emails and browser searches to lure the customers into harmful URLs and 19.2 million connected files are exposed to customer’s networks. These surging attacks showcase the risks that customers are exposed to.
Data Security and User Privacy: Data security and privacy are one of the biggest concerns of IoT systems. The world is connected with billions of devices and the data is harnessed, transmitted and stored by the organization using devices like lighting systems, smartwatches, TVs’ and house security systems. Organizations are selling this data for carrying out analysis and research and to know about user’s behaviour patterns and ultimately violating the rights to privacy and data security. There should be legal regulatory compliance to anonymize the sensitive data before it is stored by the organizations to protect the identity of the user.
Artificial Intelligence and Data Automation: It is certainly not possible to manage humongous data that flows through the network and researchers are working to build AI models to automate the systems. These models can help in enforcing data-specific rules to detect anomalies and traffic patterns. But using AI for large infrastructures like manufacturing and healthcare is too risky as a single flaw in the security system can bring down the whole infrastructure.
Unencrypted Devices: The IoT devices send different non-encrypted messages on the network which can be cracked by the hackers to know the personal details of the users. The face locks, lighting systems, heat thermostat are some of the unsecured devices in the houses which can pose potential harm to the valuable information of the user.
Home Invasions and Tracking: Every household is using some device which is connected to the IoT systems. The IP address of the devices can pinpoint to the residential address of the users and the data can be sold by the hackers to the underground criminal outfits. Also hacking of the security systems used in houses can put the customers at huge potential threats.
People have easily adapted themselves to automation and are using it widely in their day-to-today lives but most of the users are unaware of the security risks IoT devices expose them to. There is an urgent need to bring global regulatory standards and compliance to secure the devices and hence the privacy of the users.