IoT Devices Vulnerable to Exploitation

Beware of Endangered IoT Devices

The number of connected devices has exploded in the past few years. From a relative niche buzzword just a decade ago, the Internet of Things (IoT) has rapidly become a major paradigm shift, with everything from consumer devices like security cameras and thermostats to industrial equipment to infrastructure given a “smart” overhaul.

According to some estimates, there are upward of 22 billion IoT devices in the world today. This number is likely to increase to 38.6 billion by 2025 and a massive 50 billion by 2030.

---

Scam Detectors Most Trusted Websites in Online Security

1. Guard.io (100): Surf the web safely. Clean up your browser, remove maliscious extensions and check for privacy violations.
2. Incogni.com (100): Delete your personal data from the internet and protect against scams and identity theft.
3. ExpressVPN (100) Stay secure and anonymous online - Best VPN Out There

---

The Internet of Things represents an enormous opportunity for both vendors and customers alike. Unfortunately, it also opens up opportunities for exploitation by cyberattackers and other malicious actors. Vulnerabilities exist in many IoT devices, which may be harnessed by attackers to cause significant damage.

Researchers recently discovered a new set of vulnerabilities that affect the TCP/IP stacks of millions of IoT devices and embedded systems, ranging from smart plugs to printers. These devices came from upward of 150 vendors.

Amnesia:33 Is The Latest Vulnerability

The total of 33 vulnerabilities have been named Amnesia:33. They could potentially be exploited to allow attacks to gain access to networks, move laterally within them, and conduct additional attacks, such as remote code execution, memory corruption, information leaks of sensitive data, and denial of service attacks.

While 33 vulnerabilities — of which four are considered critical — may not sound a considerable amount, the scale of this makes it scary. Because of the multiple open-source TCP/IP stacks used in these devices, just one vulnerability has the potential to impact an almost unimaginably large number of IoT devices. According to the researchers, it is unlikely that these vulnerabilities will — or even can — be adequately patched to render them no longer a risk.

The Amnesia:33 disclosure is the latest instance of the enormous threat of vulnerabilities involving IoT devices. Unfortunately, it is far from alone in highlighting the lax security found on many such systems and devices.

Many Other Security IoT Vulnerabilities Exist

There are many examples of vulnerabilities found on IoT devices. New devices are continuously released, and these can bring with them all manner of new undiscovered vulnerabilities. While there are undoubtedly good actors in this space, who will show the proper diligence for security, manufacturers also won’t invest the time and effort to solve potential security issues.

With IoT as a whole lacking universal standard for security, many manufacturers do not prize security as highly as they should. Potential vulnerabilities can include weak, easily guessable passwords that come hard-coded on devices, insecure data transfer and storage methodologies, unpatched operating systems and software, and lack of secure, regular firmware updates as new vulnerabilities are discovered.

The problem with insecure IoT devices is compounded by a lack of user awareness about the risks in many cases. Even casual users without cybersecurity expertise are likely familiar with scams such as phishing emails and downloadable malware on personal computers. But technologies like smart devices are still so new that, for many, there is not the same level of awareness that they too could be vulnerable to attacks.

In some cases, “botnets” of thousands of malware-infected IoT devices have been used to wage massive Distributed Denial of Service (DDoS) attacks without their rightful owners even realizing that there is a problem. Attacks such as the Mirai DDoS attack of 2016 harnessed hundreds of thousands of improperly secured IoT devices and used them to attack services such as Reddit, GitHub, Netflix, and others.

Protect Yourself in The Age of the Internet of Things

For this reason, it is essential to secure IoT devices properly, and there are some measures users can implement themselves. Look into the identity theft protection.

For example, always change the name and password of a router. Use strong passwords that contain a mixture of characters and symbols unrelated to yourself. Wherever possible, utilize two-factor authentication to secure control of your IoT network. If you are accessing your IoT devices away from your home, avoid using public WiFi.

Besides, always make sure to install firmware updates for your devices whenever these are made available. As noted, this can be a failure of many IoT manufacturers. For this reason, ensure that you do proper research ahead of buying an IoT device to satisfy yourself that it comes from a reputable provider with a good track record for reliable security support.

One of the smartest moves you can make involves using tools such as Runtime Application Self-Protection (RASP), security systems that can protect applications against both known and zero-day vulnerabilities in a comprehensive manner. This can help to identify and block attacks before they have the chance to manifest. That makes it an incredibly powerful and valuable tool for defending IoT devices that may be vulnerable to exploitation.

The Internet of Things remains an immature field that’s still developing. Security risks shouldn’t negate the genuinely positive benefits IoT devices can bring to bear. However, it’s something users should be well aware of and take proactive steps to solve.