IOT – Allowing Backdoor Entry to Hackers?
Everyone is talking about IOT (internet of Things) as the next big thing in the technology space. No doubt IOT has the capability of transforming the way we are able to connect and automate devices. Ability to turn on the AC in your car or room remotely through your smart phone or being able to control the red light signals based on the GPS data or even monitor and control the vital statistics of patients without being physically present in the hospital or have your product automatically send malfunctioning alerts to your CRM systems even before customer faces outage. These are all great use cases of IOT and no doubt that with time the usage will expand far quickly than we can imagine. One of things we must be careful about before letting IOT enter our daily lifestyle is how safe are these devices from risk of a cyber attack.
Many of the IOT devices lack basic cyber security protocols that it can easily be hacked in a matter of a few minutes, thereby giving the hackers access to the data, conduct espionage or damage the devices. Computers have plenty of memory & processing power to host powerful security features but the devices that lack such abilities like smart fridges, video conferencing systems, smart light bulbs have poor security.
The risk is not hypothetical, it is real. If we look at the recent cyber attacks which took out systems like Twitter & Reddit, the attacks were launched by IOT botnet.
If hackers through cyber attack are able to break into one of these IOT enabled devices For example remotely taking control of security systems they could easily help criminals in performing physical break-ins by turning off cameras and opening and closing doors. Many high security buildings storing classified data can be compromised by entering the systems that are vulnerable to cyber attacks.
The smart video conferencing systems, connected printers, and VoIP phones all represent easy IoT-connected targets which provide an easy gateway for the cyber attackers to hack in the targeted organisation by listening into calls or using the less secure systems to access more secured parts of the network and steal confidential data.