Incorporated in a botnet
‘Another real danger is that an insecure device can be incorporated in a botnet’, warns Nota. ‘A botnet is a group of devices taken over via a particular vulnerability or misconfiguration. That allows a malicious actor to control those devices. Using a botnet, an attacker can carry out all kinds of attacks.’ For example: perform DDoS attacks or steal sensitive data from the network the device is a part of.
A digitally insecure device can harm users. But the dangers are real for device manufacturers as well. Security issues in products can lead to reputational damage and a drop in market value of the company.
How to make your IoT products more secure
What can you do to maximize the security of IoT products, as a manufacturer? ‘Ideally, a manufacturer will involve security experts during the design phase of a product’, says Nota. Of course, if the product is already on the market, that’s not possible.
There are a few security measures that are relatively easy to implement before a product goes to market, according to Nota: ‘Make sure not every device has the same default password. Also: make sure the software in the device can be updated. That way any security flaws you discover can be patched.’
For users, it’s important that they make sure IoT devices are isolated from each other and the rest of the network.
From headsets to door locks
Of course, another way to secure IoT devices, is to have them tested by security specialists like Nota, so that you can fix any vulnerabilities before a malicious actor can exploit them. Nota primarily tests the digital security of consumer electronics and medical devices at Secura.
‘Over my career I have tested a lot of unique devices. Smart pills, for example. But also applications that run on mixed reality headsets, a smart mattress, smart door locks, alarm systems, televisions, smart watches and muscle stimulators, to name a few. Most devices are physically sent to our testing lab at the Amsterdam office.’