Cybersecurity Risks with Smart Devices and IoT

We have entered the new era when it comes to cybersecurity and cyber attacks. Multi-stage exploits that open more opportunity to cybercriminals to become more damaging than ever before. The most recent cyber attack against Facebook, where 50 to 90 million accounts got affected came by multi-stage attacks. With each stage using a different exploit executed one after another to penetrate the otherwise secure and locked-down Facebook user’s cookie infrastructure.

The world has witnessed the growth of technology, started with the PC revolution of 1981, the growth of the Internet in the mid to late 90’s, the introduction of the portable computing devices such as the PDAs in the early 2000’s and the explosion of the smart mobile devices since 2007.

With new devices entering the market, the newest one is the Internet-of-Things devices (IoT), more possibilities of getting hacked. The new wave of devices like smartphones, tablets, and IoTs are more at risks than PCs and laptops. Since the manufacturers focus on the development of new features and fast release of new services more than security issues, security in smartphones is usually neglected. Smartphones, as opposed to ordinary mobile phones, use different technologies, so they are more exposed to different attacks. In addition, they are interoperating devices which work between the Internet and telecom networks, so they can bring Internet security threats to the telecom networks and cause serious damages and endanger critical call centers.

In general, malicious users can exploit vulnerabilities in Operating systems, software, protocols and network interface. It is interesting that regardless of how well the system of the victim is secured, its susceptibility to the attack relies on the state of security in the rest of the Internet. Attackers can apply different types of attacks and also can have a variety of objectives. Some of them try to reroute messages, and some of them try to damage the whole network and degrade its performance or overload the system with lots of unwanted packets, whereas others disrupt communication over the network and leave servers inaccessible to legitimate users by performing Denial of Service attacks (DoS). There are three basic kinds of DoS attacks: 1. Sending lots of packets and consuming limited resources (network, CPU, memory). 2. Changing or damaging configuration information. 3. Changing or damaging the components of the network.

We also need to take into consideration that smartphones, tablets and IoT devices usually have web browsers. Without proper protection, web browsers like other software are vulnerable to different attacks. There are many browser-based attacks originating from “bad” websites. Due to poor security in web applications and vulnerabilities in software supporting websites, attackers are able to compromise many trusted websites to send malicious payloads to visitors. Attackers can also add scripts that don’t alter the website‟s appearance in order to redirect the visitors to another website which may cause malicious programs to be downloaded into smartphones and obtain personal information. This type of attack is called a phishing attack which is also typically carried out by e-mail or instant messaging.

The manufacturers are advised by security experts to give more effort with security updating their devices. It is their legal responsibility to do so, as such devices are computers as well, in fact, they are more personal computers than PCs.