Analysts at Juniper Research say the number of connected IoT (Internet of Things) devices, sensors and actuators will exceed 46 billion by 2021. As the analysts note, the 200% increase (from 2016) is expected to be driven by a reduction in unit hardware costs that will likely approach the ‘magic’ $1 price point.
Juniper Research analysts also confirm that cybersecurity security is at a boiling point, with the threat landscape widening.
“IoT DDoS (distributed denial-of-service) ‘botnet’ attacks have become infamous in 2016, although in the medium-term, personal data theft, corporate data theft and physical asset damage will be the primary goals for IoT hackers,” the analysts explained in a recent press release.
“[Nevertheless], the enterprise and industry are investing heavily in security for the IoT. However, the consumer market landscape is woeful [with] lax attitudes typified by […] astounding ‘do nothing’ Mirai Worm advice to consumers. Regulatory, corporate and media collaboration [will] be needed in order to improve the overall threat landscape.”
As we’ve previously discussed on Rambus Press, Mirai malware infects vulnerable devices IoT devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. According to cybersecurity journalist Brian Krebs, vulnerable devices are then seeded with malicious software that turns them into ‘bots,’ forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.
It is therefore important for consumers to be cognizant of the very real threat posed by insecure IoT devices, such as connected appliances, routers, IP cameras and digital video recorders. Unlike PCs and mobile devices such as tablets or smartphones, serious or even critical vulnerabilities are very rarely addressed with firmware updates by manufacturers in a timely manner.
With the number of devices, sensors and actuators is projected to reach over 46 billion by 2021, the specter of attackers exploiting vulnerable and poorly secured IoT devices looms ever larger. Indeed, the overall effectiveness of a DDoS attack is contingent upon the number of IoT devices participating in any distributed denial-of-service campaign. Vulnerable IoT endpoints clearly provide attackers with the scalability needed to launch effective DDoS attacks.
One approach to achieving a safer IoT would see devices secured throughout their lifecycle from chip manufacture, to day-to-day deployment, to decommissioning. This can be accomplished with a silicon-based hardware root-of-trust that offers a range of robust security options for IoT devices, including secure connectivity between the IoT device and its cloud service.
It may also be time for the industry to re-examine the current state of DDoS protection on the service side. One possible way of shoring up defenses against costly DDoS attacks would be to bolster cloud service security. This can be done by uniquely and cryptographically verifying each IoT device to determine if it is authorized to connect to a specific service. Devices that are not authenticated can be denied access to the service, which would, in turn, reduce the effectiveness (and damage) of a DDoS attack.
Interested in learning more about IoT security? You can check out our article archive on the subject here.