IoT devices vulnerable to hackers
The internet of things (IoT) is emerging as the IT industry’s “next big thing” but the connected-device technology is riddled with security vulnerabilities that expose people’s devices to cyber-attacks, according to a state-backed agency, Monday.
To make matters worse, there seems to be little sense of urgency to contain the potential risks.
According to the Center for Software Security and Assurance (CSSA), cyber-attacks exploiting flaws in IoT devices have been on the rise in Korea. The CSSA is an affiliated organization of the Ministry of Science, ICT and Future Planning.
The IoT refers to a network of physical objects, including vehicles, buildings and electronic devices connected to the internet to exchange data. It allows such objects to be monitored and controlled remotely.
Recently, a number of cases were reported of internet-connected printers spontaneously printing out pages saying hackers have accessed and commandeered the printers remotely because of the devices’ connection to open and unsecured networks.
“With more IoT devices showing up, we see growing security threats regarding the technology,” CSSA director Lee Hee-jo said at an IoT-related conference in Seoul last week.
“Compared with personal computers, IoT devices are more vulnerable to cyber-attacks. Worse, beefing up their security is typically put on the back burner, so they have fallen victim to hackers amid the IoT’s growing presence.”
According to a report earlier this month by Gartner, a U.S. technology researcher, 8.4 billion connected “things” will be in use worldwide this year, up 31 percent from 2016, and the total number is forecast to reach 20.4 billion by 2020.
Security challenges for IoT devices are also increasing because hackers can easily access network information and install malware in vulnerable devices.
Shodan is a search engine that allows users to examine all internet-connected devices; IT security industry officials suspect the recent printer hackings were conducted by hackers who exploited data from the search engine.
In addition, the IT security industry also blames the public release last year of the source code for Mirai, a malware program, for a series of massive distributed denial-of-service (DDoS) attacks recently. Mirai enables attackers to hijack poorly secured IoT devices and direct them to submit data requests to a target system, overwhelming its resources and disabling it. Users may not even notice that their devices are linked together with other compromised systems and devices in networks, called botnets, to carry out such DDoS attacks.
Last October in the United States, Mirai was exploited in a massive attack on a server provider and many popular websites including Twitter, Netflix and Amazon went down.
Amid growing cyber-attacks on IoT devices, the government remains on high alert against possible attacks on key government agencies and social infrastructure-related facilities _ particularly ahead of the presidential election this year.
“There is the possibility that huge denial-of-service attacks could occur by using IoT devices from home and abroad,” said Jeon Kil-soo, an official of the state-run Korea Internet and Security Agency, warning that the country may be exposed to more malicious software as hackers increasingly breach internet-enabled devices.