Smart devices and appliances in homes are becoming increasingly ubiquitous, and as a result, the number of vulnerabilities smart device owners face is also multiplying. With no regulations around smart-device security, manufacturers are left to create their own proprietary standards for communication. It’s easy to see how basic principles of modern security are often neglected, resulting in millions of unprotected products shipped to market.
Given that smart devices inherently lack security, they can be hacked using a wide range of existing methods. These range from simple brute forcing login credentials to more sophisticated exploit techniques, which include reverse engineering firmware or operating systems to find zero-day vulnerabilities. Services and exploits used to hack Internet of Things (IoT) devices are already being sold on the Dark Web.
Botnets, which can be rented on the Dark Web, make it easy to infect thousands of devices at once with a script kiddie method by adopting someone else’s malware program for one’s own purposes. Given that manufacturers save money by using the same default login credentials for every device they produce, in real terms some IoT devices can be hacked in about 30 minutes. A Google search of a particular IoT device can reveal the default password even quicker.
Some exploit techniques are complex and expensive, and as such, remain less common for now. There are significant numbers of high-level hackers, however, with deep technical expertise who develop sophisticated malware that is then sold on to hackers lower down the cybercrime hierarchy. As soon as exploiting IoT vulnerabilities on a large scale becomes commercially viable these high-level hackers will inevitably develop this ‘complex’ IoT-specific malware.
But even simple brute force techniques can cause chaos. Everything from daily activities including times and locations, online habits, family and personal interests, as well as sensitive, private information, becomes available when hackers infiltrate homes.
Home IoT devices also open up possibilities for attacks such as service disruption ransomware in which a heating system or smart TV is taken down, blackmail ransomware, in which a victim has to pay to avoid compromising smart camera footage from being published, or home break-ins in which smart security systems are disabled.
CSPs: Gatekeepers of Data and Privacy Protection
Communication Service Providers (CSPs), however, are well-positioned to benefit from the surging growth of consumer IoT devices. IoT covers many areas from vehicle fleet management, route optimization, fuel management, and so on. Healthcare is also a fast-growing area with smart medical infrastructures helping relieve some of the burdens of patient monitoring from healthcare institutions such as elderly care, connected pacemakers and portable patient monitors.
From a CSP perspective, the infrastructure needs to be able to support some IoT-specific challenges, including of course cybersecurity. Unlike the mobile device world, these infrastructures typically combine vast numbers of low-cost devices transmitting small amounts of data at a low bandwidth and lacking an endpoint security solution.
That said, an entry point for CSPs that doesn’t require huge infrastructure investment is security for smart home devices. CSPs are typically already trusted brands in the home, providing telephony and internet services. They already run and secure networks, provide content services such as TV and have established billing relationships and bundling services.
Growing The User Base
IoT offerings that use existing infrastructure, such as broadband and mobile networks, to provide new security, convenience and entertainment services can enable CSPs to grow their user base, margins and revenue per customer.
IoT security offerings can be cost-effective to deploy and manage because they largely rely on an existing networking and organizational infrastructure. For example, CSPs can leverage Wi-Fi mesh networks that are generally easy to configure and provide advanced security features. What's more, when an update or patch is required it can be easily pushed over the network, without much intervention by the user.
Since the development of new technologies and services are not always a core CSP competency, CSPs will need to partner with innovative product development companies who can provide an end-to-end cybersecurity solution for IoT device, protection that starts at the residential gateway and extends into the cloud.
For example, the correct partner can provide protection that addresses all of the vulnerabilities smart devices are at risk of; safeguarding the residential gateway/network edge and using cloud-based security, artificial intelligence and machine learning to keep the smart homeowner safe.
This approach ensures malicious activity, including zero-day threats, are efficiently detected and constantly updated, and applied to smart homes as well as identifying and blocking attempts to ‘back door’ the smart home network. It also ensures service providers retain a balance between network edge and cloud-based security.
From the consumer perspective, this is simply one more service that dovetails with existing CSP services. However, it is a powerful one that provides peace of mind, strengthens loyalty to the brand, and guarantees CSPs lucrative new revenue streams in the fast-changing world.