Cyber-attacks against IoT devices have grown markedly over the past two years, prompting a warning from Interpol that nearly any IoT device – from refrigerators to smartphones - is vulnerable to attack.
As attacks proliferate, law enforcement struggles to keep up, according to a report in the Express.
"Attacks on IoT devices such as internet connected fridges, TVs, smart home devices etc. are down to flaws in the software running on them, and attacks will continue to happen until those flaws are dealt with. Good practices by vendors around configuration and authentication need to be initiated or matured to prevent this in future,” said Adam Brown, manager - security solutions, at Synopsis. "The famous Mirai botnet attack of late 2016, which saw the likes of Twitter, Netflix and others knocked out of service, was made possible because of the use of default credentials in IoT devices – a flaw in the design.”
Brown said he "would love to see certification for IoT devices become commonplace so that consumers can know that the devices are cyber-safe, much in the same way that if you buy a toy with a CE mark you know it has been through a process of assessment and it won't, for example, poison anyone because it has lead in its paint.”
A device that is certified “will be less likely to lend itself to a hacker to steal from you, use you as a place to attack others from, or use your electricity to mine cryptocurrencies for themselves."
Interpol recently drew 43 investigators and digital forensics pros from 23 countries together for its Digital Security Challenge – one in which a cyber-attack is launched from a hacked IoT device, a webcam.
In an email to SC Media UK, Christian Vezina, CISO at VASCO Data Security comments that: “The Internet of Things is set to change the way we live and work but all of that could be easily sabotaged by the lack of adequate security,” and suggests that “ Organisations offering connected products need to invest in providing adequate security for the IoT experience. Consumers must also be educated on best practice for securing their devices. Without adequate security and education, consumers will be hesitant to engage with new experience and we risk missing out on the full potential of this revolutionary technology.”