While “Internet of Things” (IoT) devices open up new worlds of convenience, they’ve also introduced new security vulnerabilities. At the risk of overgeneralizing, many of these vulnerabilities stem from the ease of set-up and use that make these singular-purpose devices so attractive. They tend to be scaled down, with little internal memory, and lack strong out-of-the-box security, often shipped with default accounts and passwords enabled.
Yet despite their small stature, IoT devices punch above their weight class when it comes to threats. For example, the now infamous Mirai botnet attack in 2016 was perpetrated “via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras,” crippling high-profile websites, including Netflix, Spotify and CNN.
Take the Amazon-owned Ring doorbell, introduced on “Shark Tank” in 2013. It’s proved to be a revolutionary idea, but has also leaked Wifi login credentials, exposed homeowners’ audio and video transmissions to third-party attackers, and is vulnerable to hackers looking to take over the device.