The growing threat of Wi-Fi enabled IoT

Ryan Orsi of WatchGuard Technologies

There is a saying, ‘fast, cheap and good – pick two.’ This appears to apply to the IoT as manufacturers race to get new fast and cheap products to market, but at the expense of security.

There is no shortage of stories where IoT devices have been compromised, but when you start to combine the security vulnerabilities of the IoT with Wi-Fi, things begin to look a lot scarier, says Ryan Orsi, director Product Management at WatchGuard Technologies.

Let’s start with some IoT vulnerabilities by looking at the main attack vectors:

    • Network Services – IoT devices are connected to the network for a reason but when users set up these remote services, security usually isn’t top-of-mind. For example, an IoT webcam could be assigned to an open, unprotected port giving access to a user’s network.
    • Man-in-the-Middle (MiTM) Attacks – As IoT devices are not actively managed, this allows hackers to launch MiTM attacks in relative obscurity over wired or wireless networks. Today, the majority of wireless hacks involve a MiTM attack.
    • Cloud-based IoT – Most IoT devices have a cloud-based application that helps to manage the device. When these cloud services have poor security, they’re a prime target for hackers. After infiltrating the cloud service, attackers typically gain access to a plethora of user account information and devices. So essentially, access to one device is access to all devices associated with the service.

In 2016, the Mirai botnet emerged, taking down Netflix, Twitter and more. It exploited IP cameras, DVRs, and other household routers by scanning open ports connected to the Internet and then trying 61 common user name and password combinations that were found in manufacturer user guides. Once they gained access, the hackers had control of these devices and used them to launch the world’s largest DDOS attack against cloud DNS host Dyn from more than 160 countries.

While Mirai was not a Wi-Fi vulnerability per se it did highlight the fact that Wi-Fi is a major IoT attack vector for hackers. MiTM attacks are often used to gain access to Wi-Fi networks and once in, hackers can search for vulnerable IoT devices and plant back-door malware that will give them access to a network from anywhere in the world.

Think about the impact this could have. For example, telemedicine devices like home heart monitors or blood pressure sensors that gather information and send them back to physicians over Wi-Fi could be compromised. Or what about Point of Sale (POS) systems running payment-processing systems across Wi-Fi connected tablets.

This risk rises to another scale when connecting to a city wide public hotspot. Municipal Wi-Fi is designed to allow all devices to connect to an open, unsecured Wi-Fi network. South Africa has one of the largest municipal Wi-Fi networks, which supports connections from 1.8 million unique devices.

If you join an unsecured open Wi-Fi network with your IoT device, there’s a chance you’re vulnerable to an attack. While this is becoming a hot issue, there remains a clear lack of motivation to secure IoT devices, putting the focus on government to introduce regulations as the fastest way to get manufacturers to prioritise security by design.

Organisations offering Wi-Fi can also take matters into their own hands to help ensure consumer safety.

If you’re delivering Wi-Fi to customers, employees or partners, consider these five tips:

    • Deploy a new Wireless Intrusion Prevention System (WIPS) that can easily isolate rogue APs and stop MiTM attacks in real-time.
    • Use Wi-Fi network segmentation to separate guest and private networks. Not only will this boost performance but will help keep any intrusion contained.
    • Use policies to segment IoT devices like web-cameras, thermostats and others away from guest and private networks.
    • Use a Unified Threat Management (UTM) appliance to secure the traffic as it traverses each network segment.
    • If you’re not an expert in network management or security, hire a managed security service provider (MSSP) to handle the burden.

Until the market demands better security, hackers will continue to exploit vulnerabilities in IoT, costing the industry dearly. But companies can help by taking the necessary steps to deliver secure Wi-Fi for customers and employees. As IoT devices multiply, having secure Wi-Fi will be vital to keeping them safe. It’s time to tell IoT manufacturers that we want better security. If we don’t take security seriously, then neither will they.

The author of this blog is Ryan Orsi, director Product Management at WatchGuard Technologies

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

RECENT ARTICLES
5th Edition Connected Africa announces Telecom Innovation & Excellence Awards 2024 banner

5th Edition Connected Africa announces Telecom Innovation & Excellence Awards 2024

Posted on: April 19, 2024

The International Center for Strategic Alliances (ICSA) has announced the 5th Edition Connected Africa- Telecom Innovation & Excellence Awards 2024, set to be held on 22 May 2024 in Johannesburg, South Africa. Under the theme “Building a Connected Global Economy,” the summit aims to influence the telecom in Africa. With a focus on fostering forward-thinking

Read more
local retailer taking care his business

Facilio launches refrigerant tracking and leak detection software

Posted on: April 19, 2024

Property operations software firm Facilio has announced the launch of its ready-to-deploy refrigerant tracking and leak detection software solution. This is meant for all grocery and convenience store operators who want to implement an automatic leak detection system to identify and mitigate potential refrigerant leaks to achieve 100% compliance.

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more