Last Updated on June 8, 2021 by Calvin C.
As the number of IoT devices continue to increase at a fast pace, it is important to look at common IoT attacks and ways to prevent them.
Background of IoT devices
- IoT devices: These are non-standard computer gadgets that have sensors, software or other technologies to enable connection with other devices over the internet.
Classification of IoT devices is based on their application and falls under 4 categories:
- Infrastructure spaces
IoT devices are increasingly used for various consumer applications that include smart homes, wearables, health monitoring to name a few.
With a smart home, heating and lighting can be automated which saves resources in the long run.
Camera systems are also available to monitor home surroundings and you access the data over the internet using apps on your mobile device.
In this field, IoT devices are equipped with sensors to monitor industrial systems and processes.
This is essential in areas like farming, where IoT devices monitor the weather, soil and other parameters needed to formulate farming techniques.
Other applications include manufacturing of products where it’s easier and faster to adjust settings of IoT devices in the product chain.
Countries like South Korea are using IoT devices extensively in public spaces.
Sensors around the city give residents or authorities valuable information, which is accessed over the internet.
In these smart cities, even applications like heat and light are controlled by automated systems.
This list is endless, and more IoT devices are identified and integrated with each other.
Common IoT device attacks
1. Privilege escalation
At the moment, there are no universally set IoT security standards and this creates an opportunity for cybercriminals to exploit vulnerable systems.
IoT devices are exposed to privilege escalation attacks as hackers take advantage of bugs, design flaws and configuration oversight.
These devices must meet minimum standards to address things like:
- Password security
- Hardware issues
- Update of operating system
- Unsecure data transfer
Hopefully, in the future manufacturers take all this into consideration.
2. Lack of knowledge by users
More users are embracing IoT devices but there is no widespread education on privacy and security concerns attached.
Manufacturers are racing to gain the market share in this rapidly growing tech space without putting too much emphasis on security.
While consumers have a basic understanding of protecting themselves from common scams and viruses in the computer world, the same is not the case with IoT systems.
This makes users sitting ducks because there are no standard protocols to secure these IoT devices.
3. Ransomware attacks
As IoT devices become more integrated with other computer systems, the likelihood of ransomware attacks is very high.
In a ransomware attack, your device is infected with ransomware and it causes loss of functionality or blocks access to your data.
You only regain full control of the device after you have paid a ransom.
A cybercriminal can infect your entire IoT device network at home and block access to camera systems, home alarms or even the garage door!
In the coming years, these attacks will be more prevalent because people become more dependent on IoT devices.
4. Physical tampering
Physical security remains a major issue because IoT devices are usually exposed and easily susceptible to tampering e.g. surveillance cameras.
Manufacturers need to ensure that the devices are robust especially when they are located in remote environments.
Apart from vandalism, tampering may involve swapping a genuine IoT device with one that has been modified by cybercriminals.
5. Botnet attacks
On its own, a compromised IoT device may not pose a serious threat.
However, if a hacker succeeds in taking over multiple IoT devices in a botnet attack, the combined force can cause serious damage.
The malware targeted IP cameras and home routers, using them to mount serious DDoS attacks on popular websites like:
As a result, these high-profile sites were inaccessible.
You should change the default username and password of your IoT devices to make it more difficult for hackers to gain access.
This attack exploits a vulnerability between an IoT device and a server.
A cybercriminal intercepts traffic that is exchanged between the two and if there is sensitive data, results can be costly.
By using an encrypted network, chances for a hacker to view data that is transmitted is greatly diminished.
In some cases, attackers take over surveillance systems and gather intelligence or create a basis for demanding a ransom.
7. Access to confidential information
IoT devices in medical facilities can give criminals access to confidential data or critical systems in the hospital.
Devices like pacemakers, monitors and drug-delivery systems can be hijacked and settings are tampered with.
In the end, there is a risk that critical medical decisions are made based on false data from compromised IoT devices.
8. Malicious IoT devices
China is a major player in the manufacturing of IoT devices and there is a risk of getting counterfeit or malicious devices.
Malicious devices are made in such a way that cybercriminals get easy access to whatever data is collected, stored or processed.
You may end up installing, say, a home camera system that has bugs and gives attackers easy access to your surroundings.
9. Cryptomining by bots
Mining cryptocurrency requires a lot of processing power and IoT devices are an easy target to expand this power.
Botnets recruit vulnerable IoT devices and with the resulting massive computational power, it becomes easier to mine cryptocurrency.
All this takes place in the background and any IoT device with a processor is at risk.
DoS attacks have increased because IoT devices have come on board and increased exponentially.
It’s easy to mount a DoS attack because they have a weak security setup.
As a result, the devices fail to execute the expected function leading to wastage of resources.
12. Brute force attacks
IoT devices come with default usernames and passwords.
If one doesn’t change these, and it happens a lot, cybercriminals easily mount a brute force attack using pre-populated credentials.
These default login credentials are easily found online and if the attack involves a large network of IoT devices, it’s easy for them to be controlled by a botnet.
Use a reliable password manager to generate strong passwords.
Protecting your WiFi network
One way to prevent hackers from penetrating your home network is by encrypting all internet traffic, for example at home, using a VPN.
It is important to use a premium VPN so that data transfer speeds are not compromised.
A VPN can be configured on your router so that all devices connected to the WiFi network are protected.
Our overall best VPN for DD-WRT Router is NordVPN
IoT devices are proliferating and as it was mentioned above, the likelihood of getting counterfeits is very high.
Make sure you stick to genuine products, although you still need to be aware of the above challenges.
The least you can do is to make sure that your home WiFi network is secured with a VPN.
What IoT device have you used? Leave comments below and share the article with your friends on social media.