Skip to main content
banner image
venafi logo

Cybersecurity: Top IoT Devices Targeted by Hackers

Cybersecurity: Top IoT Devices Targeted by Hackers

image of businessman with headphones, in a subway at night
December 26, 2019 | Guest Blogger: Olivia Scott


The future is smart.

The future is automated. The future is smart. And the future is all about finding ways to leverage the Internet of Things (IoT).
 

IoT technology is becoming embedded at a rapid pace in almost every area of our physical environments. From smart power grids that optimize loads and distribution to smart engineering which senses environmental changes or hazards automatically, machine-to-machine (M2M) communications is fast becoming the foundation of a new IoT-based economy.
 

However, there's another less well-known side to this story. As M2M communications technology becomes more established, and both corporate and public organizations start to rely on its benefits, new cybersecurity risks are emerging.
 

If you use IoT technology, or you’re thinking about adopting it, recognizing these risks is absolutely essential. That's why we thought it would be useful to run through a few of the top IoT devices targeted by hackers.


What kind of attacks can be mounted against IoT technology?

 

Before we talk about individual devices, it's helpful to quickly cover some of the ways that cyber-attackers can target IoT systems.
 

The most important vulnerability concerns machine identities—the unique IDs which integrate IoT devices into networks and allow them to communicate. These identities usually take the form of SSL/TSL certificates, which protect the devices concerned via data encryption.
 

If these certificates expire (which they all do at some point), the encryption provided rapidly becomes out of date and vulnerable. Attackers can then use these expired certificates to pose as legitimate network actors, gaining access to systems, implanting ransomware, or propagating any other forms of malware.



Along with certificate-based attacks, IoT systems are exposed to human error and insider attacks, networks can be prone to DDoS attacks and "man-in-the-middle" attacks, as well as botnets that can take over entire industrial installations. However, most of those attacks benefit significantly from poor cybersecurity practices regarding machine identities and SSL/TSL certificates.


Keeping that in mind, let's take a closer look at the way cybersecurity relates to some of the most popular IoT devices.
 

1. Security cameras

Security camera networks were one of the first areas to be affected by the IoT revolution, enabling organizations to automate surveillance of their properties, and mix cameras with thermal or motion sensors to enhance their monitoring abilities.
 

However, they are also one of the devices most prone to cyber-attacks. Security consultancy SAM Seamless Networks has found that 47% of IoT devices hit by hackers are cameras of some form—way ahead of any other device.
 

These unsecured cameras could transmit data to thieves or competitors, lose functionality, and breach data protection laws as well. So staying in control of them is vital. But many companies utilize camera networks based around "shadow" systems, separated from their core IT networks. This, combined with poorly maintained machine identities, is often the root cause of camera-related IoT security breaches.
 

2. Wireless office equipment

Many offices have moved to wireless setups, where printers, copiers, shredders—everything they need for daily operations—is connected to a form of the Internet of Things. This enhances flexibility, reduces physical maintenance needs, and tends to work well. Until a security breach occurs.
 

Wireless printers, in particular, have been flagged as security risks, enabling attackers to take control and transmit information to third parties. Enterprising attackers have shown that this can be done with ease, even with devices located at the top of office blocks, so all offices are at risk.
 

3. Telco Infrastructure

The telecommunications industry has been an early adopter of M2M communications, and with good reason. The IoT offers a way to construct smart communications networks that manage data transmission efficiently, automate maintenance tasks, and offer easy scalability.
 

The problem is that as M2M-based TelCo networks have expanded, so has WiFi offloading. This normally helps cellphone companies to optimize their WiFi operations, but can also open the door to hackers. That's because the nodes which switch traffic from cellphone towers to WiFi networks are often unsigned, lacking the kind of certificates we noted earlier. Without proper protection, they are relatively easy to hijack and exploit, delivering unlimited free WiFi to the attacker.
 

4. USB Dongles

USB dongles are another area where corporations regularly put their IoT systems at risk without realizing that they are doing so. These accessories are commonly used across all types of organizations to connect computers and communications devices wirelessly. They allow seamless working, reduce the need for cables, and generally make office life easier. But they aren't always safe.

For instance, Logitech Unifying USB dongles have been highlighted especially vulnerable to hackers. In some cases, researchers have found that intruders can hijack keyboards connected via Unifying dongles, giving attackers complete control. In this case, man-in-the-middle attacks are the type to be concerned about, and they can affect any brand of a USB dongle if proper security precautions haven't been taken.
 

5. Smart Hubs and Home Devices

Finally, hackers are constantly seeking to target the smart devices used in private homes and commercial premises. Again, this affects almost all brands. For instance, the usually security-savvy Korean brand Samsung has been accused of failing to address bugs in its Smart Home systems.
 

In general, it makes sense to be skeptical about the security claims of smart tech manufacturers—whether we're talking about hotel TV networks or Amazon Echo. And as security expert Matt Pascucci explains, authentication lies at the heart of the weaknesses involved.
 

As with wireless printers, security cameras, USB dongles, and TelCo networks, smart technology relies on security certificates to guard against attackers. So if there's one takeaway from this list, that should be the imperative need to sharpen up SSL/TLS certificate setups. If not, using the IoS could become a cybersecurity nightmare.


Learn more about machine identity protection. Explore now.
 

Related posts

Like this blog? We think you will love this.
internet of things, iot, malware, data protection, shadow iot
Featured Blog

How to Secure Your Company’s Shadow Internet of Things (IoT)

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Guest Blogger: Olivia Scott
Guest Blogger: Olivia Scott

Olivia Scott is a cybersecurity enthusiast at VPNpro.com. Her key competencies include data safety, privacy tools testing, and Wordpress vulnerabilities.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat