Schedule Your Free Security Assessment

UnHacked Episode 14 - Internet of Things Security Summary

Main Topic: Internet of Things (IoT) Security

What is IoT?

The Internet of Things refers to any devices that can be accessed remotely or connected to the internet, including:

  • Smart home devices (doorbell cameras, refrigerators, toasters)
  • Vehicle systems
  • HVAC systems
  • Security cameras
  • Smart watches
  • Industrial control systems

Current State of IoT

  • Approximately 17 billion IoT devices exist today
  • Projected to reach 25 billion by 2030
  • Uses IPv6 addressing scheme allowing for virtually unlimited device connections
  • Largely unregulated industry with no standardized security requirements

Key Security Concerns

Lack of Standards

  • No regulated security requirements for manufacturers
  • Security often implemented as an afterthought
  • Some devices have built-in malicious capabilities

Default Security Issues

  • Many devices ship with default passwords
  • Some devices don't prompt password changes
  • Default credentials easily found online

Update Management

  • Difficult to track necessary updates
  • Updates not always automatic
  • Some manufacturers stop supporting devices
  • Users often unaware updates are needed

Real-World Examples

Jeep Hack

  • Vehicles could be remotely accessed through built-in WiFi
  • Hackers could control steering, radio, wipers, and other systems
  • Required major recall to fix

Home Depot Breach

  • 60 million credit cards compromised
  • Entry point was through HVAC system
  • Demonstrates how IoT devices can be used to access larger networks

Mirai Botnet (2016)

  • Massive botnet created from compromised IoT devices
  • Used default passwords to infect devices
  • Took down major websites including Twitter, Reddit, CNN, Netflix
  • Demonstrated the power of marshaled IoT devices for attacks

Medical Facility HVAC Incident

  • Unauthorized cellular hotspot installed by vendor
  • Created unsecured secondary network access
  • Allowed hackers to control building temperature

Schedule Your Free Security Assessment

Recommendations for Businesses

Network Segregation

  • Implement VLANs to separate different types of devices
  • Create separate networks for:
      • IoT devices
      • Corporate systems
      • Guest access
  • Ensure proper configuration of guest WiFi

Device Selection

  • Avoid choosing based solely on price
  • Research manufacturer reputation
  • Consider total cost of ownership
  • Verify update capabilities before purchase

Management Practices

  • Track all IoT devices on the network
  • Maintain inventory of makes, models, serial numbers
  • Regularly check for and apply updates
  • Replace unsupported devices

User Education

  • Make it easy for employees to use approved systems
  • Provide clear guidelines for personal device use
  • Address shadow IT by offering secure alternatives

Key Takeaways

  1. IoT devices represent one of the biggest unaddressed problems in cybersecurity
  2. Awareness is crucial - understand what's connected to your network
  3. Professional implementation is essential for proper security
  4. Consider cyber insurance for residual risk
  5. Start improving security now, even if not perfect
  6. Aim for steady improvement (1% better every day)

Resources

  • Website: unhacked.live
  • Facebook group for discussions and upcoming episodes
  • Free cybersecurity assessment available through website

Schedule Your Free Security Assessment