The internet-of-things (IoT) only plays a small role in our every day lives today but as more smart devices and equipment becomes available to cater to our needs a more complex environment will exist. Gartner, a leading research and advisory company based in the US, estimated that 25.1 billion internet-connected devices will be connected by 2021. Their research shows the more we connect the higher the rate of logic errors, and new challenges will have to be faced to manage, track and debug - especially if IoT automation platforms overlap each other.
We are quickly heading towards complex IoT environments (CIE), as smart devices, appliances and other smart equipment need to be connected so they can interact with each other on a daily basis.
IoT automation platforms
Managers of smart buildings and homes need to be aware that each additional user-friendly application that is connected increases their complex IoT environment and opens the door for increased cybersecurity attacks. The source that allows each device to interact with each other is software products called IoT automation platforms or servers. It allows, through a set of custom rules, your CIE smart devices to automatically interact with each other. It is the IoT automation server that is vulnerable to cyber attacks when each additional device is connected to the complex IoT environment with a different set of automation rules.
Dangers of remote control
Trend Micro, a Japan-based worldwide leader in server security, whose research shows that chaining multiple user-friendly smart devices can be hard to manage since security is not built into the devices. Smart buildings and homes are usually managed remotely and because many times IoT automation servers are left open on public internet they become an easy target for attackers.
This vulnerability can allow attackers to monitor activities, collect information about the surroundings in order to break into smart buildings and homes, or even worst reprogram automation rules, steal hardcoded sensitive data including log-ins, add new devices, infect applications with malware, and conscript devices into botnets.
Defence against attackers
Trend Micro has provided defence measures that can be adopted to help ward off threats in CIE IoT environments, they include use strong passwords, enable the two-factor authentication when you can, turn off unnecessary services and limit amount of information gathered by devices. They advise changing default settings, don't use unverified third-party applications, enable encryption on disk storage and all communication platforms, plus do regular backups, and use file integrity monitor to check for unauthorized changes of configuration files.
