Five Ways the Internet of Things Can Put Your Security at Risk

By on Mar 01, 2015

Sometimes a new technology comes along that’s so promising, so revolutionary, that, over time, future citizens consider the innovation to be commonplace. Take sliced bread for example.

Sliced bread, you may be surprised to hear, wasn’t baked into the fabric of everyday life until 1928, when a man named Otto Rohwedder leveraged his device through a nearly bankrupt banker. His invention, almost snuffed out of existence thanks to an unfortunate fire in 1917, went on to make life easier for people everywhere. Loaves no longer needed cutting, knives didn’t need to be sharpened and fingers were shielded from the blade.

The Internet of Things (IoT) is a lot like sliced bread: it’s simple in its revolutionary nature and promises to make life easier—by optimizing home temperatures, updating your traffic maps and keeping track of exercise, among other things—for everyone. But IoT has a flaw: like the fire that threatened the future of sliced bread, hackers threaten to reduce IoT to ashes by abusing device connections.

How can they do this? Well, there are five distinct ways hackers can compromise IoT devices. Let’s take a look:

1. Data Breaches

2014 was not kind to personal data. Repeated breaches throughout multiple industries have shaken consumer confidence in retailer and credit card security. The IoT, which collects a treasure trove of data on consumers, from spending habits and activity levels to television history and eating habits, could be worse. When not properly secured, IoT devices threaten to expose sensitive information to hackers and other cybercriminals willing to use that information to further their illegal exploits.

2. Cross-Device Access

IoT devices connect to a smartphone, a computer or directly to a Wi-Fi network. This introduces an additional path hackers can take to access sensitive devices like your desktop computer or smartphone. By installing a malicious program—often referred to as malware—on an IoT device, hackers can monitor your network and communications, spread malware to additional devices and conduct what’s known as a man-in-the-middle attack—where an entity either intercepts, eavesdrops or modifies a message sent between two people or two devices.

3. Spying on Your Whereabouts

Many IoT devices and services tout their tracking abilities. Tracking features can help plot out running paths, commute routes and measure distances. They can also tell hackers when you’re away from home. By monitoring your whereabouts through Internet-connected security cameras, wearables and even thermostats, hackers may have the ability to know precisely when you are and aren’t home—provided they have access to your network.

4. Botnets

One of the biggest threats to IoT devices are botnets—networks of computers working together to achieve a goal, often illegally. IoT devices lack sufficient security and encryption technologies, making them particularly vulnerable to hackers seeking to grow their army of computers. We’ve already seen this happen. Last year, we reported on an IoT botnet that employed smart TVs and refrigerators (among other devices) to send out spam. Unfortunately, the IoT threatens to drastically increase the number of computers hackers can use to grow their botnets, if not properly secured.

5. Ransomware

One of the most troubling trends in Internet security is about to get more troubling. Ransomware, a type of malware used to hold computers and devices hostage until a victim pays a fee, will make its way to IoT devices—and it could be dangerous. Internet-connected cars, drones and other items could be taken hostage and remotely disabled in life-threatening situations.

Over the next few years, we’ll see a massive boom in IoT devices. But security may not boom with it. Thankfully, there are a few things you can do to protect yourself during this turbulent transition into the future. Here are a few tips:

  • Update your software. Smart TVs, gaming consoles, and other Internet-connected devices are new to the market, and because of that, many companies are still working out security kinks. When an update is offered, run it. The new version may include patches to close up recently discovered security holes.
  • Do your research. Prior to purchasing a new smart device, be sure to investigate the company security policy and ease with which the product can be updated. If you have any doubts about the security of the device, consider contacting the manufacturer for additional clarification.
  • Protect your mobile devices. Our mobile phones and tablets often control smart devices, so protecting these controllers will help ensure that your smart devices won’t get compromised. McAfee LiveSafe™ service provides comprehensive mobile security that offers real-time protection against mobile viruses, spam, and more. If you already have computer protection, you can install McAfee Mobile Security on your iPhone or Android device free of charge.

And, of course, stay on top of the latest consumer and mobile security threats by following myself and @McAfee_Home on Twitter, and Like us on Facebook.

GaryNasdaq_NCSA_Conference_panel small

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs