The growing threat of Wi-Fi enabled IoT

Ryan Orsi of WatchGuard Technologies

There is a saying, ‘fast, cheap and good – pick two.’ This appears to apply to the IoT as manufacturers race to get new fast and cheap products to market, but at the expense of security.

There is no shortage of stories where IoT devices have been compromised, but when you start to combine the security vulnerabilities of the IoT with Wi-Fi, things begin to look a lot scarier, says Ryan Orsi, director Product Management at WatchGuard Technologies.

Let’s start with some IoT vulnerabilities by looking at the main attack vectors:

    • Network Services – IoT devices are connected to the network for a reason but when users set up these remote services, security usually isn’t top-of-mind. For example, an IoT webcam could be assigned to an open, unprotected port giving access to a user’s network.
    • Man-in-the-Middle (MiTM) Attacks – As IoT devices are not actively managed, this allows hackers to launch MiTM attacks in relative obscurity over wired or wireless networks. Today, the majority of wireless hacks involve a MiTM attack.
    • Cloud-based IoT – Most IoT devices have a cloud-based application that helps to manage the device. When these cloud services have poor security, they’re a prime target for hackers. After infiltrating the cloud service, attackers typically gain access to a plethora of user account information and devices. So essentially, access to one device is access to all devices associated with the service.

In 2016, the Mirai botnet emerged, taking down Netflix, Twitter and more. It exploited IP cameras, DVRs, and other household routers by scanning open ports connected to the Internet and then trying 61 common user name and password combinations that were found in manufacturer user guides. Once they gained access, the hackers had control of these devices and used them to launch the world’s largest DDOS attack against cloud DNS host Dyn from more than 160 countries.

While Mirai was not a Wi-Fi vulnerability per se it did highlight the fact that Wi-Fi is a major IoT attack vector for hackers. MiTM attacks are often used to gain access to Wi-Fi networks and once in, hackers can search for vulnerable IoT devices and plant back-door malware that will give them access to a network from anywhere in the world.

Think about the impact this could have. For example, telemedicine devices like home heart monitors or blood pressure sensors that gather information and send them back to physicians over Wi-Fi could be compromised. Or what about Point of Sale (POS) systems running payment-processing systems across Wi-Fi connected tablets.

This risk rises to another scale when connecting to a city wide public hotspot. Municipal Wi-Fi is designed to allow all devices to connect to an open, unsecured Wi-Fi network. South Africa has one of the largest municipal Wi-Fi networks, which supports connections from 1.8 million unique devices.

If you join an unsecured open Wi-Fi network with your IoT device, there’s a chance you’re vulnerable to an attack. While this is becoming a hot issue, there remains a clear lack of motivation to secure IoT devices, putting the focus on government to introduce regulations as the fastest way to get manufacturers to prioritise security by design.

Organisations offering Wi-Fi can also take matters into their own hands to help ensure consumer safety.

If you’re delivering Wi-Fi to customers, employees or partners, consider these five tips:

    • Deploy a new Wireless Intrusion Prevention System (WIPS) that can easily isolate rogue APs and stop MiTM attacks in real-time.
    • Use Wi-Fi network segmentation to separate guest and private networks. Not only will this boost performance but will help keep any intrusion contained.
    • Use policies to segment IoT devices like web-cameras, thermostats and others away from guest and private networks.
    • Use a Unified Threat Management (UTM) appliance to secure the traffic as it traverses each network segment.
    • If you’re not an expert in network management or security, hire a managed security service provider (MSSP) to handle the burden.

Until the market demands better security, hackers will continue to exploit vulnerabilities in IoT, costing the industry dearly. But companies can help by taking the necessary steps to deliver secure Wi-Fi for customers and employees. As IoT devices multiply, having secure Wi-Fi will be vital to keeping them safe. It’s time to tell IoT manufacturers that we want better security. If we don’t take security seriously, then neither will they.

The author of this blog is Ryan Orsi, director Product Management at WatchGuard Technologies

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

RECENT ARTICLES

Motive and Navistar partner to equip fleet operators with robust vehicle telematics data and insights

Posted on: July 1, 2022

San Francisco, USA. 29 June 2022 – Motive, the specialist in Automated Operations, and Navistar, a manufacturer and solutions provider to the medium-, heavy- and severe-service trucks industry, announced today a strategic partnership and future product integration that will connect Motive’s Automated Operations Platform with Navistar’s OnCommand Connection telematics and Advanced Remote Diagnostics solutions.

Read more

Seamless indoor cellular coverage has earnt its rightful place as a 4th utility

Posted on: July 1, 2022

“Network infrastructure including fibre broadband and Wi-Fi access points are factored into all new building projects from the outset, with mobile coverage infrastructure taking second place. Both should be given equal status in a world driven by tech,” says Colin Abrey of Nextivity.

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox