IOT and cybersecurity 2022

we are using more and more IOTs. However there are hidden risks that we should be aware

Photo by Dan Cristian Pădureț: https://www.pexels.com/
Photo by Dan Cristian Pădureț: https://www.pexels.com/

Evolution of IOT

I am sure most of my readers are aware of the explosion of “Internet of Things(IOT)”. Since World Wide Web and email got popular consumers usage from 1990s’, the reach of internet coverage increased exponentially. I am not sure there is a Moore’s Law for the internet but I am sure the rate is faster than the growth of computing power. The enhanced network connectivity boosted the increases in usage both in terms of technology and cost.

Portable computing devices may be the first batch of IOTs. Prior to the availability of wireless network, digital phone coverage, etc, almost all computers are stationary. The popularity of handheld devices like TRS-80 pocket computer, Palm Pilot, Apple Newton, Compaq IPAQ, etc led to the development of mobile phones. I do not need to mention Android and iPhone (do you remember Windows Phone?) that most of us are using today.

Broadly speaking, IOT also includes laptop computers and other computing equipment. However, not everyone remembers that there are many other non-traditional devices that are also IOT. Some smart electrical appliances such as refrigerators, vacuum cleaners and even coffee machines can connect to home network or Internet. Other IOTs include smart sensors, home automation system, security system. Even small RFID sensors that we find in most merchandise in retail stores are part of the IOT systems.

Why is IOT a cybersecurity threat?

By nature, almost all IOT devices need to be connected to the computing network. This can be the infrastructure of major industrial plants to commercial & business operations to home environment. Usually, the network installations at major industrial and business organisations are properly configured and protected against cybersecurity. However, the level of protection may not be the same for small business and home operators.

The other factor that helps the vulnerability is that some IOTs appear to be so harmless and convenient to us. Not everyone is thinking whether their network connected coffee machine may become the point of entry to their home network.

Not all IOT manufactures are required to pass the same level of scrutiny as the major network and computing system manufacturer. The popularity of IOTs lead to a booming industry with smaller operators and backend support organisations popping up everywhere.

As an example, smart plug has become very popular for home users to control their appliances by home automation or voice commands. Meross and Arlec are two popular brands in Australia.

For Meross, according to this site, the company is headquartered in Chengdu, China. While Arlec is an Australian registered company, the particular power plug Arlec PC191HA Smart Meter Socket is using Tuna based backend app. Again, my research is showing that Tuya is a company that is not based in Australia. I am not saying that products from these companies are not safe, I just want to highlight on the complexity of manufacturing and support, especially for consumers targeted IOT market.

How do we reduce the cybersecurity risk?

For home users, unless we want to stay away from technology altogether, there is always some risk that we have to manage. For most users, these are a few things that we can do

  • use high-quality products that have an excellent reputation. So check reviews from others.
  • buy products that have certification, such as Apple HomeKit certification
  • harden the network installation, especially the Wi-Fi system. I am surprised to know that a lot of users are still using the default Wi-Fi router configuration or even without setting up an admin password to login.