The WannaCry ransomware attack from this May made the whole world think about cyber security issues once again. Another unique point for WannaCry versus previous cyber attacks is IoT also got involved with the crisis as well. We learned from the news reports that this worm virus was different from usual. It had not only tried to encrypt computer data, but it had also attacked connected devices such as medical and teaching equipment in hospitals and schools. This is also why this May’s cyber attack has influenced so many industries.
IoT has minimized the barrier between the Internet and devices. Once one of these two is attacked, the other one would also be involved inevitably. As for the IoT security, cameras on our smart devices and smart homes are the most associated aspect of every one of us and may have influence on our everyday life.
Thanks to the IoT technology, we can remote control those connected cameras. Even if we are not home, we still can access these devices and check our properties. However, just because we are using those connected cameras and devices, if we do not do a good job in terms of security, such as utilizing weak passwords, or even no pin, criminals could easily access and control our devices by large scale scanning. According to Gao Sheng, senior software engineer from China’s national Internet Emergency Center, passcodes like “user”, ”admin”, and pure numbers have been widely used, and are the easiest ones to decrypt and hack.
As the concept of a connected world is becoming more and more popular, different types of smart home appliances have become first choice for millions of families. And because of this, the cyber attacks on IoT are changing to multiple modes. Outlaws can access all connected appliances by only hacking one router. According to Helpnetsecurity, U.S. (28%) and China (7%) are the two countries that experience the most cyber attacks. In 2015, the X-code Ghost incident had deeply influenced China’s iOS development environment. It still reigns as the most famous cyber security accident regarding the Internet and IoT in China.
Lots of Chinese developers used an unofficial iOS development kit that had been modified by malware, later dubbed X-code Ghost. The malware injected third party code into apps compiled with it. Since this attack happen on the developer side at compile time, even jail broken devices were affected. The X-code Ghost incident influenced lots of popular apps that have billions of users, such as WeChat, Didi, and so on. Both of these popular apps affect every facet of Chinese user’s normal life because of IoT.
IoT security attacks caused because of the Internet will not only impact normal people’s life, but also produce more serious problems to large-scale enterprises. Based on the report titled Toward New Possibilities in Threat Management from Price Waterhouse Coopers in 2017, the number of cyber attacks in the East Asia region has rapidly increased by 969%, and security incidents of industrial IoT have increased over 22x. Due to most enterprises using semi-automatic production models, and the popularity of smart connected systems, countless IoT devices have been utilized into the production process. But, many parts of these devices are still keeping the factory passwords, which are weak pins like “user” and “admin”.
They Get You Coming in and Going Out
For general users like us, right now, there are two kinds of cyber attacks: inbound and outbound. Inbound cyber attacks target our smart devices like phones, tablets, or cameras directly. DNS Amplification Attacks are common outbound attacks, with over 80% of family level cyber attacks resulting from router issues. To this point, Helpnetsecurity suggested three tips to actively avoid attacks. First, we need to periodically change the passcode of our smart devices and family Internet. Second, do not connect to unknown Wi-Fi and Bluetooth devices. Last but not least, upgrade device software in a timely fashion.
Nowadays, both iOS and Android will send out an upgraded version regularly, even every app on our phone will release upgrades frequently. Some users think these upgrades are annoying and choose to shut down this function, but most of the upgrades are related to security issues. As normal users, timely upgrading of our devices and apps is our best way to increase our cyber safety.