Internet of things is everywhere. They are inside the offices, cars and even homes and could be posing a serious internet security risk and users could not even be aware of it.
At the 2019 RSA Conference that started March 4 and ends today, Alex “Jay” Balan, Bitdefender’s Chief Security Researcher said that Internet of Things is not optional. He added that everything is becoming smart that is why IoT is not by user’s choice.
Balan explained that through simple home appliances and office equipment, the Internet of Things could be posing a serious internet security risk. He cited the network printer as an example that people believe to be internet safe as it is just a simple box. However, since most printers have a management console without a password, anyone can access the network printer without the need for an exploit. That means anyone can access the content of every printed paper easily.
Erez Yalon, head of the security research at Checkmarx, a software security company also sees the Internet of Things as a possible avenue of vulnerability. He stated that they have seen the attacks crawl from the web to mobiles and now to IoT. He said technologies such as web and mobile applications are setting up standards to prevent the vulnerabilities from penetrating while IoT remains unprotected.
Yalon classified the effects of serious internet security risk into two categories. The man-in-the-middle where confidential data and information aren’t really kept confidential at all and the denial of service wherein the device can no longer be used or accessed.
The Bitdefender representative shared a part of their study that proves how IoT could be posing a serious internet security risk. He revealed that using a simple IP camera, their team discovered so many vulnerabilities. Balan shared that by simply overloading the password field, they could execute arbitrary code and they can have full control over the operating system of the device because the code opens the remote shell.
Yalon, on the other hand, blames the risk to some vendors who allegedly ship items without encrypting. He also said that it is the users’ responsibility to pick IoT devices that have license agreements.
With the Internet of Things found everywhere, users are now left vulnerable for the possible serious internet security risk. Balan, however, assured the public that there is a way to protect homes from these risks. He said that if users are able to find a bug bounty program or the company has a system for automatic updates, then users are safe.