Venafi recently shared Zscaler’s report on the rising instances of encrypted attacks, increasing at a stunning rate of 260% in 2020, but the story doesn’t end there. Zscaler is now confirming that attacks on internet of things (IoT) devices have increased an astonishing 700% since 2019.
With the world of IoT devices expanding so rapidly, it is vital to ensure the devices you are trusting with personal information are trustworthy and secure. For example, do you know if your dash cam is safe from criminals tracking your daily activity? You may be surprised to learn which well-known brands aren’t protecting IoT devices!
Internet of things (IoT) devices are the rapidly growing number of physical devices capable of connecting to the internet. Embedded with sensors and software capable of collecting and sharing data online, IoT devices are invaluable in enhancing productivity and improving a vast number of processes across all industries. Unfortunately, the nature of IoT devices’ connectivity does leave room for malicious actors to take advantage, particularly due to these top 10 vulnerabilities that make IoT devices insecure.
Zscaler conducted an experiment on select IoT devices to determine how much of the incoming traffic was malicious, and in just a two-week period they blocked 300,000 malware-related transactions. In addition to this massive increase, Zscaler also found that out of 900 payload deliveries to 18,000 unique hosts, nearly all of them belonged to either the Gafgyt or Mirai botnets.
As of 2021, only 24% of IoT devices utilize encryption when transmitting data, leaving a staggering 76% of IoT devices completely exposed. The devices that most frequently came under attack were CCTVs and digital video recorders, which can include home and car automation devices.
Have you ever considered how intimate a part of your life your dash cam is? It’s intended to simply record the road ahead of your car to provide evidence in cases of collisions or reckless driving incidents, but the connection to you goes far deeper. Your dash cam travels with you to your home, your job, your loved ones’ homes, and is a reliable source of your daily schedule. Can you imagine that much personal information in the hands of a criminal who could negatively impact you?
In this context, one would expect a source of such sensitive and potentially harmful data to be protected with ironclad security. It turns out that this is not the case at all. A study of nine major brands, including Garmin, revealed that not one of them took encryption or cyber security seriously enough. Most dash cams have a smartphone app that connects to the camera via Wi-Fi and lets you play back the footage on a smartphone, and this connection was unnervingly easy to access for the fake “hackers” hired to test out the defenses.
Brands including Garmin, Halfords, Road Angel, Transcend and others use default passwords that are simple to exploit, depending on the password’s strength, and that default password is where the protection ends. Any hacker who can guess or crack this password could have full access to that user’s dash cam.
While there are no legal security standards in place for these types of devices, it is the responsibility of brands to provide encryption for these IoT devices.