Almost every new product released – whether it be printers, smart TVs or security cameras – has the ability to send and receive information through the internet, which has come to be known as the Internet of Things (IoT). IoT devices allow you to lock your doors from another city, manage air conditioning remotely and more, all from your computer or smartphone.
What you may not know is how secure these devices are when it comes to outside forces and mischievous hackers. Researchers have discovered more than 178 million IoT devices visible to hackers in the ten largest US cities, and with over 8 billion active devices worldwide, the true number of unsecured devices is likely much higher. As a business, it’s important to know the risks associated with IoT devices, how hackers gain access to such devices, and how to test devices for vulnerabilities to help locate and prevent those devices from an attack.
Risks Associated with Vulnerable Devices
In October of 2015, when IoT devices were gaining popularity, the FBI released a statement warning users that while the devices provide benefits, there are serious risk as well. Some devices, such as printers or smart refrigerators in the breakroom, can be exploited by cybercriminals who can place malware on the device to steal personally identifiable information and cause costly operational downtime. Things such as security systems can be disabled, potentially leading to physical safety threats as well as costly break-ins. With more smart devices being put into businesses, it’s critical to know what every device does and ensure it’s secure from outside forces.
How Hackers Gain Access
A majority of devices are shipped lacking even the most basic cybersecurity protocols and can be hacked within minutes. Devices often come with default usernames and passwords that can be easily logged into with brute-force. Hackers will run programs and password cracks repeatedly with a list of various default passwords until they have gained access to the device. Even if the device requires a user to visit a website to change the default password, some have hardcoded Telnet and SSH passwords that cannot be changed. While hacking IoT devices can take only a few minutes, the consequences can be drastic.
Testing IoT Devices for Vulnerabilities
There are various tools put out by security firms to help discover any unwanted connections to your devices. The first step in testing your devices is to do a count of any IoT device that is connected to the internet in one way or another. You can run a scan to see whether you have vulnerable devices in your network by trying Bullguard Security’s IoT Scanner or Gibson Research Corporation’s ShieldsUP! Scanner. These services will show whether your devices are willing to accept and process commands from outside users. If any of them are, you’ll want to ensure that you update any passwords for the device and update the firmware.
There are many other tools to identify vulnerable devices; if your business needs assistance in evaluating your IT security, try reaching out to a Managed IT provider for help.
Knowing your information is safe and secure is a top priority for businesses today – small or large. For a free assessment of your IT infrastructure, contact a Managed IT expert at Gordon Flesch Company, and take the steps necessary to control your vulnerable IoT devices.
