An estimated 80% of IoT devices are vulnerable to a wide range of attacks. Clearly, connecting traditionally ‘stand-alone’ smart devices such as lights, appliances and locks introduces numerous cyber security risks. Even connected baby monitors are vulnerable to digital intruders, as a number of horrified parents belatedly discovered when hackers spoke to their young children via compromised devices.

Common cyber security threats and attacks against smart home devices include:

  1. Man-in-the-middle: An attacker breaches, interrupts or spoofs communications between two systems. For example, fake temperature data ‘generated’ by an environmental monitoring device can be spoofed and forwarded to the cloud. Similarly, an attacker can disable vulnerable HVAC systems during a heat wave, creating a disastrous scenario for service providers with affected models.
  2. Data and identity theft: Data generated by unprotected wearables and smart appliances provides cyber attackers with an ample amount of targeted personal information that can potentially be exploited for fraudulent transactions and identity theft.
  3. Device hijacking: The attacker hijacks and effectively assumes control of a device. These attacks are quite difficult to detect because the attacker does not change the basic functionality of the device. Moreover, it only takes one device to potentially re-infect all smart devices in the home. For example, an attacker who initially compromises a thermostat can theoretically gain access to an entire network and remotely unlock a door or change the keypad PIN code to restrict entry.
  4. Distributed Denial of Service (DDoS): A denial-of-service attack (DoS attack) attempts to render a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. In the case of a distributed denial-of-service attack (DDoS), incoming traffic flooding a target originates from multiple sources, making it difficult to stop the cyber offensive by simply blocking a single source. In fact, DDoS attacks are rising rapidly, primarily due to the lack of security in IoT devices. The Mirai botnet attack was a massive DDoS attack that left much of the internet inaccessible on the US East Coast.
  5. Permanent Denial of Service (PDoS): A permanent denial-of-service (PDoS) attack, also known as phlashing, damages the device so badly that it requires replacement or reinstallation of hardware. BrickerBot, coded to exploit hard-coded passwords in IoT devices and cause permanent denial of service, is one such example. Another example could see fake data fed to thermostats in an attempt to cause irreparable damage via extreme overheating.