The term internet of things (IoT) refers to the physical objects or “things” that are used every day within households and commercial settings to exchange data with other devices and systems over the internet. Some examples everyone will have come across in their daily lives include, but are not limited to modern thermostats, baby monitors, smart speakers, wearable fitness devices, and smart light bulbs.
IoT devices are simply any device that:
- Is capable of connecting to the internet
- Has integrated technology such as sensors, functional software which support network connections.
IoT Security
IoT security is the methods of protection put in place to secure these network-based devices. Since the number of different IoT devices is so broad, the level of security varies incredibly between each product type and design.
There are several different approaches developers will take to implement security into their IoT devices. These include:
- Application Program Interface (API)
- Public Key Infrastructure (PKI) authentication
- Network Security
The issues with IoT security
Many IoT devices were not built with security in mind, leading to potential vulnerabilities in a multiple device system. With this lack of security, many devices have been left to be manufactured and sold while being particularly vulnerable to exploitation.
The more our devices are connected to each other, the easier it is for hackers to intercept these interactions. With the rise in use of IoT devices, including those that utilise Bluetooth technology, the more challenges we face in managing their security.
IoT devices are known for having particularly large attack surface areas. Making them extremely vulnerable to interceptions from hackers. Although the accessibility of these devices provides great benefits to users, it also allows malicious actors the chance to interact with them remotely.
While it is great to see many new emerging technologies coming from a wide variety of industries, this does rain concerns. Not all companies are experts in developing secure devices, nor do they have the proper understanding of cyber security to implement it. This certainly causes some issues. Some companies either choose not to implement the right security or will be unable to, leaving devices open to threats.
Bluetooth devices under attack
Some IoT devices simply do not have the capability to integrate such sophisticated security, like firewalls or antivirus protection. This is particularly true in the case of Bluetooth devices, which many will find are barely able to connect to other devices. Many of these devices have come under attack, suffering as a result of data breaches. These attacks have become so common in fact that terms have been coined for specific cyber hacks on Bluetooth devices. ‘Bluebugging’ and ‘Bluejacking’ refer to two different types of Bluetooth hacking methods.
Bluejacking consists of people, usually criminals with minimal hacking experience, since this is quite simple and easy to do, taking control of Bluetooth devices by accessing them remotely. To avoid this, it is always advisable to keep your Bluetooth devices marked as ‘un-discoverable’ or ‘invisible’ in their settings.
Bluebugging will be used by hackers to access Bluetooth devices, most commonly to listen to phone conversations or to infiltrate email and SMS messages.
Protecting your business
With the more modern products, such as the latest smart services for the home, security may well have been taken into better consideration, while other devices are certainly lacking. When purchasing new IoT products, security has to be a factor within the decision-making process.
Another way in which you can protect your business from IoT threats is to ensure you carry out the correct patching and software updates. It's important to take notice of update notifications and install updates as immediately as possible. Often developers will release bug fixes and additional safety measures to secure their devices.
When using IoT devices throughout your business, particularly devices where you may store sensitive or private information, strong password security and multi-factor or two-factor authentications are also recommended to promote good cyber hygiene.
