When it comes to security measures of the internet-connected devices, the Internet of Things has proven deficient. After a new report from the cybersecurity provider F-Secure, the threats and the number of attacks are increasing because they rely on the unpatched software and weak passwords. F-Secure Labs has collected and analyzed data highlighting that the dangers of internet-connected devices are overgrowing than in the past.
Moreover, after the F-Secure report, the threats have doubled in 2018, growing from 19 to 38 in a single year. The methods used are still predictable and known techniques to threaten the devices. Some examples are the unpatched vulnerabilities; weak credentials are totalizing 87% of the detected threats.
We Have Smart Devices with Poor Deficient Security
A consultant from F-Secure, Tom Gaffney says that we have a big market that offers all kind of devices to consume, but not all the vendors pay attention to security. Some of them have improved the security service than in the past, but consumers could still buy from many manufacturers that security and privacy are still vulnerable to attacks. Also, some companies pay attention to security and privacy, companies like Google and Amazon. Those two have made decisive steps in their smart home products.
The things changed when a threat like Gafgyt was released and started targeting a lot of IoT devices like CCTC devices, BusyBox devices, and DVR devices. Until 2014 IoT threats were rarely encountered.
Moreover, in October 2016, from Gafgyt code was developed Mirai, the first IoT malware that achieved global infamy. This malware attack was the largest in history by using the most massive distributed denial-of-service. Mirai has used 61 unique combinations of credentials for infection. In three months the numbers had increased by almost 500.
The Root Cause
F-Secure Labs Principal Researcher, Jano Niemela, says that the “root of evil” of the IoT devices starts from the manufacturers. Unfortunately, most of the vendors develop license software kits for their smart cameras, chipsets, smart appliances, and other IoT devices. Those licenses are coming with vulnerabilities and other issues.