The Internet of Things has become an inescapable part of life. Yet with the popularity of IoT come various security-related issues. This note looks at some of the top IoT threats for 2023.
The Internet of Things has become an inescapable part of life. Yet with the popularity of IoT come various security-related issues. This note looks at some of the top IoT threats for 2023.
IoT, of which IP-based security devices are a part, has increasingly edged into various aspects in the everyday life. Smart home sensors that trigger HVAC or lights when we get home, or apps that notify us of parking availabilities nearby, are all examples of this. In fact, a forecast by IDC estimates that there will be 41.6 billion IoT devices in 2025, capable of generating 79.4 zettabytes (ZB) of data.
While IoT brings convenience, it can also introduce
risks. Users should have a better understanding of these risks and try to minimize them as much as possible. Below we look at some of the top IoT security threats of 2023 that users should be aware of, based on a post by IoT security solutions provider ThriveDX.
Espionage and eavesdropping
IoT devices gather, store and transmit data, which can be intercepted by hostile actors if the devices are not properly protected. Hijacked baby cams through which hackers talk to babies or look into the house are examples of this.
“For easy spying, hackers can take over a camera-enabled IoT device and use it to live stream footage or take pictures of the device’s surroundings. They can use IoT devices with microphones to eavesdrop on conversations taking place near the device. This is why countries like Germany have banned the interactive doll ‘My Friend Cayla’ because attackers could use it to spy on people,” the post said.
Ransomware attacks
Ransomware encrypt data and information inside an IoT device, and the user is forced to pay a ransom to have the data decrypted.
Ransomware attacks have become more serious as the hardware/devices being targeted could be equipment critical to the operation of power plants or water treatment facilities.
“In February 2022, hackers launched a ransomware attack on KP Snacks, a food company in the UK. The attack disrupted the company’s operations, prompting it to declare that there would be a shortage of roasted nuts and potato chips. This shortage occurred because it was difficult for KP Snacks to process orders safely,” ThriveDX said. “Going into 2023, ransomware attacks will likely target IoT devices more frequently. And as these devices become more interconnected, the potential damage from these attacks will only increase.”
Shadow IoT
The concept of BYOD or “bring your own device” has become popular. A lot of these devices are IoT-based, not secure and brought into the workplace by employees without the IT department knowing about it. This then gives cyber criminals an opportunity to hack into the company system.
“Once the hackers penetrate these devices, they can access the corporate network and steal sensitive data using privilege escalation. If organizations want to avoid this likely 2023 IoT security threat, their IT admins should put IoT visibility and control high on their list of priorities,” the post said.
Botnet attacks
Botnet attacks are those where the hostile actor takes control of a series of connected devices and have them launch DDoS attacks against a certain target. One famous (or infamous) example was the 2016
Mirai incident where IP cams and NVRs were used as bots to launch DDoS attacks against Dyn, an Internet performance and management company. The result was a shutdown of service across various famous sites including Amazon, the Financial Times and Netflix.
“IoT devices are more vulnerable to botnet attacks because they often have little to no security. Many IoT manufacturers don’t include security in the design of their products, and as a result, IoT devices are easy targets for botnet attacks. Cybercriminals can easily turn them into zombies and deploy them as weapons for DDoS,” the post said.
Lack of IoT security awareness
According to the post, IoT is a relatively new technology, and users still do not know much about staying safe when leveraging it. “Hackers will likely take advantage of users’ lack of awareness to initiate social engineering attacks. Social engineering involves using psychological tricks to get people to reveal sensitive information or perform actions that will compromise their security,” it said. “As IoT devices become more widespread in 2023, social engineering attacks will only become more common. IoT users need education about the risks of using these devices and how they can protect themselves.”
In conclusion, the above underscores the risks that connected IoT devices can bring, not only in 2023 but as long as IoT remains popular. It is therefore incumbent upon the user to engage in IoT security best practices and equip themselves with related knowledge to protect their devices and assets. Only by constantly keeping IoT security in mind can users truly enjoy the convenience IoT brings.