Currently, many consumers use connected objects. But what are they really? A connected object is simply a device that allows capturing, storing, processing and transmitting information. More and more brands create new products of this kind, to great joy of consumers. Indeed, connected objects greatly facilitate life of consumers. But how is security of these connected objects ensured? What does legislation say about this? And how to avoid being hacked by a connected object? We answer all these questions in this article! Are you ready? Let's go!
Security issues related to connected objects
Trust issue
Currently, many consumers own connected objects. Whether it's speakers, a scale, a watch or even a lamp, connected objects are flourishing day by day. However, among all people owning connected objects, not less than two thirds do not trust these new technologies.
If we take example of connected watches, this is the object that the French own most. The latter is synchronized with your phone. You can therefore receive your messages, your notifications or even your calls directly on your watch. Quite practical, don't you think?
With this kind of connected objects, the consumer is not safe from having their watch or their phone hacked. In other words, all the information contained on watch can therefore be available to person who hacked this device.
If we now take example of the Alexa speaker, produced and sold by Amazon. Many consumers snapped it up. When the device is sold to us, the consumer is delighted: they can easily activate their music remotely, have unlimited voice commands.
But a few weeks after the release of this famous speaker, many controversies took place. Some Amazon employees listened to conversations of consumers owning Alexa.
It goes without saying that the company Google also spied on consumers with these Home Mini speakers. Although the company, like Amazon, clearly denied these facts, archives were found.
It should also be noted that currently there is no feedback on confidential information heard by the Alexa and Home Mini speakers. This nevertheless raises a real question concerning trust. What is it really?
It is difficult for a consumer to have blind trust in connected objects. Some do not realize what can happen. Do we have nothing to hide? All the collected data make us raw materials that big companies fight over.
Risks, threats and vulnerabilities
Connected objects have a certain number of threats. Indeed, the security flaws of connected objects are numerous. It is possible to define 4 different risks and vulnerabilities:
- A hidden but exploitable potential: many connected objects simply allow giving the outside temperature or informing the consumer about snowfall. However, some objects allow cybercriminals to obtain a certain number of pieces of information about consumers, without the object in question failing its basic objective. This while some objects are not entitled to be consulted by anyone when we buy them in accordance with the sales conditions.
- The access to a certain number of confidential data: this mainly concerns companies. Indeed, certain industries wishing to be at the top in terms of technologies do not hesitate to invest a lot of money in them. Cybercriminals target them as a priority for the wealth of information produced there. In a context of global economic war, the company data is a choice morsel, very poorly secured, or not at all.
- Sabotage: whether for the companies and the consumers, it is important to take into account that a hacker can sabotage the computer system. It is enough for them to enter the various connected objects of a house or a company to act in a harmful way. Moreover, if a company has a certain number of industrial machines, the hacker can simply take a production line hostage and demand a ransom.
- The botnets: these are connected objects diverted from their primary function. Botnets exist to carry out DDoS attacks. This allows sending a large number of requests to a specific target. Thus, the hacker overwhelms their target and makes its services inaccessible.
Obviously, the risks are diverse and multiple. They are not limited to 4 and each day new issues can appear.
Evolution of attack modes
Currently, there are a certain number of new cyberattacks. Hackers try as best they can to attack, whether individuals or companies. Let's take a quick tour of these new attacks.
| The cryptojacking | With the arrival of the cryptocurrency, it goes without saying that a certain number of new attacks have appeared. Indeed, after the bank account hacking, it is the cryptojacking that we will talk about from now on. This is also called malicious cryptocurrency mining. Hackers enter the computer tool, whether it is a computer, a smartphone, a server or even a connected object to exploit the computing power and produce cryptocurrency in the background. In other words, the user does not realize the deception. And given the number of connected objects, this represents a non-negligible computing power. |
| The ransomwares, also called ransomware | This is simply blocking the data of a consumer or a company and returning it to them when they have paid the requested ransom in cryptocurrency. |
| The intrusion in connected objects | As we have explained since the beginning of this article, a certain number of hackers access your connected objects. Once again, whether you are a company or an individual, it does not matter to the hacker. Indeed, the latter simply wishes to have access to data to which they would not have had access under normal circumstances. |
| The geopolitical attacks | Here, these are mainly countries that attack others via computers. Indeed, the objective of the latter is, solely, for the purpose of destabilization, intimidation or even in the context of industrial espionage. |
| The cross-site scripts | In this case, the hacker easily puts a script injection on a page. When the target accesses it, this corrupts their browser. |
| The mobile malwares | Yes, for a few months, you can now have a virus on your mobile phone. You just have to properly protect your smartphone or just not trust it. |
| The phishing | You certainly see pop-ups opening when you want to access a website. These generally offer you to click to recover a certain sum of money. Or, this can correspond to a fake email that you receive from your bank. In any case, these are mainly phishing attacks to recover your data. |
| The spoofing | If you receive an email from yourself or from one of your loved ones that is a bit strange, you have been attacked with spoofing. However, do not be fooled, even if the attack seems credible. |
This is just a non-exhaustive list of attacks that we can see currently. Indeed, it is also possible to be attacked physically. Let's take as examples the car attack, the attack against a cloud space or even the attack against medical devices.
All these attacks are not related to connected objects and fortunately! However, this does not prevent you from being careful!
Emergence of botnets
Connected objects are increasingly conducive to the emergence of botnets. Indeed, we can give you the example of Mirai.
Mirai is a botnet created in 2016. It had made headlines at the time since the latter had made large sites and various services crash. At present, this botnet is active again, but for the connected objects.
But what really is a botnet? It is simply a group of infected computers that the hacker can control remotely. These are viruses that are injected into various computer machines. Currently, some of them are known and recognized in the computer field, such as Zeus, Waledac, Conficker or even Kelihos.
Botnets work mainly with the bandwidths of connected objects or computer tools. This therefore allows them to send several tens of thousands of pieces of information to a website. The latter will therefore end up crashing.
The legal vacuum concerning the security of connected objects
From a legal point of view, it is difficult to protect individuals or companies against the various attacks towards the connected objects. Indeed, the law includes certain rules concerning the 3.0 objects. However, for the 4.0 objects, this is much more complicated. A lawyer, Alain Bensoussan, also expresses the fact that it will be necessary to make a new law for the connected objects.
If a person who has suffered an attack wishes to counter-attack, it is almost impossible today for this to happen. Indeed, it would be necessary to study the files case by case, but between the problems related to personal data, the problems related to computer flaws or even the problems related to the objects themselves, nothing is as simple...
Security of connected objects
You dream of having a connected object? And we won't throw stones at you! Indeed, many objects make you want and truly give the impression of changing our lives. However, before rushing to a connected watch or a connected speaker, why not find out beforehand about the seller?
This is not simply about looking at the name of the company, spending three minutes on Wikipedia to study the various information about it. No, it is better to look at the customer reviews. Are these customers happy with the product or not? Also check if the company in question has not been involved in a controversy. If we return to the example of Amazon with its Alexa speaker, you can notice that consumers have been spied on. This is not necessarily ideal when you just want to listen to music.
It should also be noted that you must opt for a company that is able to fight against computer viruses. Indeed, if you suffer an attack, it is necessary that the after-sales service to which you can refer is in a position to find a solution for you. It is up to the company selling you the connected product to remove the virus for you, but also to ensure the necessary protection.
It is also important to use a reputable manufacturer. Indeed, you will have less risk of being fooled. Reputable manufacturers will certainly sell you more expensive products than another seller. However, you will be sure to have the adequate after-sales service in case of attack or problem related to your connected object.
The last piece of advice we can give you is to use a European seller and verify that your product meets the European standards. Indeed, as we mentioned, some countries are professionals in the art of hacking. In other words, to be sure not to be fooled both on the quality of the product and on the way it was manufactured, it is better to opt for European products.
This is a lot of information, but if you want to minimize the number of problems, these are the indispensable elements that you must look at when choosing a reseller or manufacturer.
Do all updates
We will never repeat it enough. But doing the updates, whether on your connected objects or your computer, are very important. Indeed, the more devices connected to Internet are up to date, the less you will have the opportunity to suffer attacks.
The security flaws are more difficult to bypass when the devices in question are up to date. Indeed, the hackers must update their various viruses. Moreover, it is easier for these last to hack a device that is not up to date and which therefore presents computer flaws that facilitate hacking. You will have understood, checking that your connected devices are up to date is a key step to reduce the risks of hacking, sabotage or simply espionage.
Think about enabling data encryption
Data encryption? You don't know exactly what this corresponds to? Don't panic, we will explain everything to you.
Data encryption simply consists of protecting files, folders or even documents by a password or a secret key. People who do not have the password will therefore not be able to access all this data.
On your various connected devices when possible, enable data encryption. This will allow you to secure information that may be sensitive. Thus, if a hacker manages to access your devices, they will not be able to see the different elements that you wish to hide from them.
Think about checking sensors
Your devices all have sensors. The latter do not necessarily have to be active when you use them. Indeed, this is one of the elements that you must check each time you use a connected object.
If we take the example of the smartphone, when you use it, remove for example your geolocation. Of course, everything is relative! Indeed, if you use your smartphone as a GPS, the geolocation is mandatory. However, if you do not use this feature and you just send an SMS, for example, we advise you to remove the geolocation from it.
On your other connected objects, you must act in the same way. This also reduces the risk that a hacker can introduce themselves into your device.
Change your passwords
One of errors that often comes back is putting the same password. Indeed, if a hacker finds your password, they may use it everywhere, just to see if it works. However, if you want to avoid this happening, we advise you to put different passwords. Certainly, this will be less practical since you will have to remember several. But nothing prevents you from writing them on a sheet of paper and storing it somewhere, to be sure not to forget any.
Also, we advise you to put difficult passwords. Do not hesitate to play with the uppercase, the lowercase, the numbers as well as the special characters. The birth dates or important dates are also to be avoided. It should also be noted that the more complicated your password is, the less it can be hacked. Practical, isn't it?
Always turn off the object when you are not using it
You have finished using an object? Think about turning it off. Indeed, you should never leave a connected object on standby. Why? Simply because if your computer, your smartphone or even your TV are on standby, the hackers can access your data. To protect yourself as effectively as possible from online attacks, we therefore advise you to turn off your connected devices. This way, they will have no means of accessing your data while you are not using the object in question.
Think about network security
It is important to note that the router is the first place where a hacker will attack. To protect yourself, you will need to check if your router is up to date and that it has a good firewall. This will not necessarily prevent a hacker from attacking you, but they will have more difficulty.
And for companies?
If you are a company and you are afraid of being hacked via your connected objects, you should know that you have two possible solutions:
- Call on an IoT expert: the latter will allow you to do an audit of the objects you own, but also to advise you on the course of action. The expert will be able to propose various solutions that you can apply in order to reduce the risk of hacking.
- Think about the "secure by design" approach: this is a solution that will allow you to take into account all the risks you run when you install your connected objects. Thus, whether it concerns the software or the hardware aspects of a connected object, you will be sure to have all the adequate information to deal with a possible hacking.