The world we live in, everything that surrounds us is now vulnerable to hackers. From your microwave to security cameras in your office, all of these can be hacked and used to do malicious things you can’t imagine.
As of now, we have 6.4 billion IoT devices and that number will reach 20 billion by the year 2020. This is the reason why security researchers are urging us to take security of IoT devices seriously, and my friend, they are soo right.
Of Course they are people who will say that it is already late as they consider the huge and massive DDoS attacks which have attacked KrebsOnSecurity, OVH, and just recently Dyn. All of these attacks used botnets of unsecured IoT devices.
But hey, hijacking IoT devices for DDoSing is only one of many ways attackers are going to use the affected IoT devices.
Are IoT Devices the Weak Spots of Enterprise networks ?
IoT devices are not just the points of attacks, they are the entry points hackers use to further attack the enterprise or even steal sensitive information. The best thing in this for hackers is that they can do all of this and still get away unnoticed.
Using the service of famous hacker named Samy Kamkar, ForeScout says that it normally takes an attacker less than three minutes to hack an IoT device.
In most of these scenarios, the problem is in the continued use of default passwords for the device’s management interface (It’s 2016 guys please be responsible and use strong passwords). Even though the device is not exposed to the Internet, sysadmins have to take the responsibility and change the default passwords.
In fact, one of the best security advice is to change the default password of any device, not necessarily IoT equipment.
Here is a video of the hacker demonstrating how he managed to hack an IoT device