Written by Luis Corrons, Technical Director of PandaLabs at Panda Security
According to Gartner, the Internet of Things installed base will grow to 26 billion units in 2020. However, other studies suggest even higher figures, up to 50 billion. The fact is that today there are more than two Internet-connected devices for every person in the world.
Until a few years ago, only computers had Internet access. Since the birth of the smartphone, however, the number of connected devices has been growing at an exponential rate and now includes tablets, printers, TVs, IP cameras, etc. But this is just the beginning. In a few years, the number and variety of Internet-connected devices will be huge, from light bulbs and door locks, to cars, wearable devices, etc. Even today it is possible to purchase Internet-connected refrigerators that allow you to do your shopping online from the comfort of your home.
In this scenario, what does security have to do with the Internet of Things? Everything.
Every system that is connected to a network is susceptible to attacks from any user connected to the same network. And if that network is the Internet, then almost anyone could try to hack any connected device. In the computer world, where attacks have been occurring for decades, there are two main techniques to compromise targeted systems:
– Social Engineering
The first one involves tricking the victim into breaking normal security procedures without their knowledge. The second one consists of exploiting software flaws that could allow attackers to access (and often control) systems. On many occasions attackers use mixed methods, where an attack uses social engineering techniques in order to exploit a vulnerability.
If there is something that differentiates the Internet of Things from the old concept of Internet-connected computers and smartphones is the fact that most IoT devices are hardly ever manipulated by end users directly. Let’s take IP cameras, wireless printers or routers for example… These devices are hardly ‘touched’ once they are installed. As long as they work, they are mostly ignored by users. On one hand this is positive, as it prevents social engineers from succeeding, but on the other it means that the software installed on these devices will rarely if ever be updated. And if it is not updated, then any vulnerability will never be fixed, despite the security patches released by manufacturers. A real nightmare.
Under these circumstances the best solution is for manufacturers to implement auto-update systems that patch devices without requiring user interaction.
About Luis Corrons
Luis Corrons has been working for Panda Security since 1999. He started in the technical support department, helping home and corporative users with virus incidents. A year later, he joined the international technical support team assisting Panda’s technical support belonging to their partners distributed over 50 countries around the world.
In 2002, he became PandaLabs’ director as well as malware alerts coordinator in worldwide infection situations, dealing with major outbreaks and coordinating with external parties.