Approximately 80% of IoT devices are vulnerable to a variety of attacks. Connecting conventionally standalone smart devices like lights, appliances, and locks clearly brings a slew of cyber security concerns. Even connected baby monitors are vulnerable to digital intruders, as a number of parents realised too late when hackers communicated with their young children through hijacked equipment.
The following are some of the most common cyber security threats and attacks against smart home devices:
- Permanent Denial of Service (PDoS): A permanent denial-of-service (PDoS) attack, often referred as phlashing, is a threat that destroys a device to the point that it needs to be replaced or reinstalled. BrickerBot is an example of a bot designed to exploit hard-coded passwords in IoT devices and cause a permanent denial of service. Fake data might also be given to thermostats in an attempt to cause irreversible damage by causing severe overheating.
- Device Hijacking: It occurs when an attacker takes over control of a device. Because the attacker does not alter the device’s essential functionality, these attacks are difficult to detect. Furthermore, one gadget has the potential to infect all smart devices in the home. An attacker who compromises a thermostat, for example, might hypothetically get access to a complete network and remotely unlock a door or change the keypad PIN code to prevent entry.
- Man-in-the-middle: An attacker breaches, disrupts, or spoofs communications between two systems as a man-in-the-middle attack. Fake temperature data provided by an environmental monitoring device, for example, can be faked and sent to the cloud. Similarly, during a heat wave, an attacker can stop vulnerable HVAC systems, resulting in a disaster for service providers using impacted models.
- Identity theft: Smart appliances and wearables are prime targets for accessing private details and can be used for data and identity theft.
Securing Smart Homes:
A comprehensive IoT security solution (device to cloud) that does not compromise a service provider’s or OEM’s profitability or time to market should be used to protect connected smart home devices. The following features should be included in a comprehensive IoT security solution:
- Securing Boot
- Lifecycle management of Security
- Secure Communication
- Mutual authentication
- Security analysis and monitoring
The author is Tanisha Gupta.