The growing threat of Wi-Fi enabled IoT

Ryan Orsi of WatchGuard Technologies

There is a saying, ‘fast, cheap and good – pick two.’ This appears to apply to the IoT as manufacturers race to get new fast and cheap products to market, but at the expense of security.

There is no shortage of stories where IoT devices have been compromised, but when you start to combine the security vulnerabilities of the IoT with Wi-Fi, things begin to look a lot scarier, says Ryan Orsi, director Product Management at WatchGuard Technologies.

Let’s start with some IoT vulnerabilities by looking at the main attack vectors:

    • Network Services – IoT devices are connected to the network for a reason but when users set up these remote services, security usually isn’t top-of-mind. For example, an IoT webcam could be assigned to an open, unprotected port giving access to a user’s network.
    • Man-in-the-Middle (MiTM) Attacks – Because IoT devices are not actively managed, hackers can launch MiTM attacks against them in relative obscurity over wired or wireless networks. Today, the majority of wireless hacks involve a MiTM attack.
    • Cloud-based IoT – Most IoT devices have a cloud-based application that helps to manage the device. When these cloud services have poor security, they’re a prime target for hackers. After infiltrating the cloud service, attackers typically gain access to a plethora of user account information and devices. So essentially, access to one device is access to all devices associated with the service.

In 2016, the Mirai botnet emerged, taking down Netflix, Twitter and more. It exploited IP cameras, DVRs and household routers by scanning for open ports exposed to the Internet and then trying 61 common user name and password combinations that were found in manufacturer user guides. Once they gained access, the hackers had control of these devices and used them to launch the world’s largest DDoS attack against cloud DNS host Dyn from more than 160 countries.

While Mirai was not a Wi-Fi vulnerability per se, it did highlight the fact that Wi-Fi is a major IoT attack vector for hackers. MiTM attacks are often used to gain access to Wi-Fi networks and, once in, hackers can search for vulnerable IoT devices and plant back-door malware that will give them access to a network from anywhere in the world.

Think about the impact this could have. For example, telemedicine devices like home heart monitors or blood pressure sensors that gather information and send it back to physicians over Wi-Fi could be compromised. Or what about Point of Sale (POS) systems running payment processing across Wi-Fi connected tablets?

This risk rises to another scale when connecting to a city-wide public hotspot. Municipal Wi-Fi is designed to allow all devices to connect to an open, unsecured Wi-Fi network. South Africa has one of the largest municipal Wi-Fi networks, which supports connections from 1.8 million unique devices.

If you join an unsecured open Wi-Fi network with your IoT device, there’s a chance you’re vulnerable to an attack. While this is becoming a hot issue, there remains a clear lack of motivation to secure IoT devices, putting the focus on government to introduce regulations as the fastest way to get manufacturers to prioritise security by design.

Organisations offering Wi-Fi can also take matters into their own hands to help ensure consumer safety.

If you’re delivering Wi-Fi to customers, employees or partners, consider these five tips:

    • Deploy a new Wireless Intrusion Prevention System (WIPS) that can easily isolate rogue APs and stop MiTM attacks in real-time.
    • Use Wi-Fi network segmentation to separate guest and private networks. Not only will this boost performance, but it will also help keep any intrusion contained.
    • Use policies to segment IoT devices like web-cameras, thermostats and others away from guest and private networks.
    • Use a Unified Threat Management (UTM) appliance to secure the traffic as it traverses each network segment.
    • If you’re not an expert in network management or security, hire a managed security service provider (MSSP) to handle the burden.
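
The segmentation tips above only help if the firewall rules between segments actually enforce them. The following is an added example, not part of the original article: a small Python audit that walks a first-match rule list and reports any guest, private or IoT segment that can open connections to another. The subnets, rule format and the single permitted flow are assumptions made up for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed segment plan (assumption, not from the article).
SEGMENTS = {
    "guest":   ipaddress.ip_network("10.10.0.0/24"),
    "private": ipaddress.ip_network("10.20.0.0/24"),
    "iot":     ipaddress.ip_network("10.30.0.0/24"),
}
# Cross-segment flows the policy intends to permit (assumption):
# staff on the private network may manage IoT devices.
PERMITTED = {("private", "iot")}

# Rules are (action, source CIDR, destination CIDR), evaluated first-match
# with default deny, describing who may initiate connections (stateful firewall).
WEAK_RULES = [
    ("allow", "10.20.0.0/24", "10.30.0.0/24"),
    ("allow", "10.0.0.0/8", "10.0.0.0/8"),      # flat "any internal" rule
]
HARDENED_RULES = [
    ("allow", "10.20.0.0/24", "10.30.0.0/24"),
    ("deny", "10.0.0.0/8", "10.0.0.0/8"),       # block all other internal flows
    ("allow", "0.0.0.0/0", "0.0.0.0/0"),        # Internet egress
]

def first_allow(rules, src_net, dst_net):
    """Index of the first allow rule that passes some src_net -> dst_net
    traffic, or None if the flow is fully denied."""
    for i, (action, r_src, r_dst) in enumerate(rules):
        if not (r_src.overlaps(src_net) and r_dst.overlaps(dst_net)):
            continue
        if action == "allow":
            return i
        # A deny settles the question only if it covers both segments
        # entirely; a partial deny leaves hosts that later rules may allow.
        if src_net.subnet_of(r_src) and dst_net.subnet_of(r_dst):
            return None
    return None

def isolation_violations(rules, segments=SEGMENTS, permitted=PERMITTED):
    """List (source segment, destination segment, rule index) for every
    unintended cross-segment flow the rule list allows."""
    parsed = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d))
              for a, s, d in rules]
    found = []
    for src, dst in permutations(segments, 2):
        if (src, dst) in permitted:
            continue
        idx = first_allow(parsed, segments[src], segments[dst])
        if idx is not None:
            found.append((src, dst, idx))
    return found

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, isolation_violations(rules))
```

The weak rule set fails because its catch-all internal allow lets a compromised camera or guest device reach the private network; the hardened set passes because an explicit internal deny precedes the Internet egress rule.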

Until the market demands better security, hackers will continue to exploit vulnerabilities in IoT, costing the industry dearly. But companies can help by taking the necessary steps to deliver secure Wi-Fi for customers and employees. As IoT devices multiply, having secure Wi-Fi will be vital to keeping them safe. It’s time to tell IoT manufacturers that we want better security. If we don’t take security seriously, then neither will they.

The author of this blog is Ryan Orsi, director Product Management at WatchGuard Technologies.
