The widespread security vulnerabilities of Internet of Things (IoT) devices have been discussed and hyped extensively, but a telemetry-based Bitdefender analysis has confirmed that your users’ home networks are as badly protected as you’ve feared.
Collated from the firm’s BOX IoT security device, telemetry showed that weak and rarely-changed passwords were rampant on home networks and outside attackers were peppering vulnerable networks to infiltrate or take over insecure smart devices.
The average protected home network had 20 smart devices, including the household gateway or router – and, with more than 9000 identified IoT vulnerabilities already made public, attackers had little trouble developing proof-of-concepts that would simply pound target networks until they found a way in.
“Automated attacks that rely on IP and port scanning are the new normal,” the analysis warns, noting that the 30-day data collection period saw 461,718 threats attacking the protected IoT devices.
Of these, 76 percent stemmed from dangerous websites – and 95 percent targeted common vulnerabilities and exposures.
“Cybercriminals are deviating from their traditional attack methods by developing new strategies based on easily exploitable smart devices,” the report notes. “Different size botnets come and go daily as they ceaselessly get hijacked by competing bot operators, and customers and the security industry alike have no visibility into this space.”
Overall, routers were the most vulnerable devices – comprising 59.45 percent of attacks – followed by computers (9.48 percent), NAS devices (9.32 percent), printers (8.70 percent), cameras (2.92 percent), and smart TVs (1.65 percent).
Denial-of-service attacks were the most common vulnerability exploited by outside attackers, noted in 14.39 percent of cases. But code execution (11.99 percent), overflow (11.35 percent), information theft (11.22 percent), restriction bypass (10.17 percent), memory corruption (8.6 percent), cross-site scripting (6.14 percent), and privilege escalation (5.09 percent) were all seen during the monitoring period.
Routers were most commonly hit by denial-of-service attacks, which were observed in 30.75 percent of cases – ahead of overflow (13.43 percent) and code execution (12.30 percent) vulnerabilities.
Users not helping the situation
Extensive research into IoT vulnerabilities around the world has produced some “truly frightening” findings, with one team of Israeli hackers recently describing a technique for bypassing the security of IoT devices.
A recent Gartner survey found that nearly 20 percent of organisations had experienced at least one IoT-based attack in the past three years.
IoT devices’ intrinsic vulnerabilities weren’t being improved by users who, the review showed, have been less than proactive in updating their devices and passwords.
Fully 60 percent of consumers had never updated the firmware on their wireless routers, while 55 percent of smart TV users had never updated that device’s firmware.
One in ten users has the same password for all of their smart devices, while 24 percent said they have several passwords that they use randomly. And 7 out of 10 smartphone or tablet users said that it has been more than 3 months since they changed the passwords on those devices.
“Without actively making informed decisions regarding the security status of their home network IoTs, users will be at constant risk of more than just having their private and personal data stolen, leaked, or irreversibly lost,” the report’s authors note.
“While IoT security awareness should start with manufacturers, it’s also up to individual users to secure their home network and understand the risks associated with poorly secured smart things.”