Can you trust your IoT devices in 2020?

Since it’s inception, IoT and connected devices have gained quite a traction in the tech space. In all spheres of data-driven businesses, we are seeing companies harnessing IoT and distributed systems to make their processes more efficient and user-friendly. But together with these great developments, security risks are raising as well.

To envision a remotely controlled, internet enabled smart factory, it would require thousands of IoT devices to be deployed. And to host, maintain and secure this entire infrastructure of connected devices for a single company would cost hundreds of thousands of dollars. Ideally, these devices should be continuously monitored and give real-time updates to you -the user- in case of security breach. But is this what happens? Is there a possibility that your Internet connected surveillance cameras, your smart refrigerators and the IoT thermostats are being breached by massive cyber attacks, targeting the very protocols these devices use to connect with the servers and clouds?

In a similar scenario, an attack came into picture in 2016 turning thousands of websites including Twitter, GitHub, Paypal and AirBnb inaccessible to the common users. These attacks are typically created by preying on vulnerable IoT devices like your WiFi router set on a default password, your refrigerator with an outdated security patch or a IP camera working on top of an insecure network service. Cyber-attackers targeted these vulnerabilities and common household devices were made into a “botnet” — a term to describe a zombie army of connected devices.

The devices would continually access the DNS servers of several common websites and services, thereby generating huge traffic into them, eventually rendering them inaccessible for some time period. Not only are these tech giants were loosing out on potential traffic during this time span, the credential of these IoT devices were also exposed in the public domain. The generated web traffic is sometimes sold to organizations, common rivals to the targeted websites and other hackers as a paid service. In the 2016 case, this was a massive DDOS (Distributed Denial of Services) attack into Dyn, a common DNS service provider hosting several websites based in the Europe and US. IoT electronic manufacturer Chinese firm Hangzhou Xiongmai Technology admitted to have its DVRs and IP cameras hacked during this attack.

What makes it even worse? These devices would continuously be operational and functionally stable even while generating this traffic. Some of them also could not be protected due to their hard-coded credentials by their manufacturers and infrequent updates to their insecure interfaces — be it their backend API, clouds or device interfaces participating in their IoT infrastructure.

A head-start to future-proof against these attacks is to have a more efficient ecosystems to manage your IoT projects, so that devices can be easily and continuously monitored, not only during the initial deployment but throughout the entire life-cycle. At Seashell, we provide just this — an open-source backed plug-and-play solution for developers to remotely manage their IoT applications from deployment, to monitoring, to securing it from harmful malwares like those who are behind DDOS attacks.