The future of IoT? State-sponsored attacks, say security professionals

IT security professionals believe that nation states will begin to exploit smart, connected devices in the next 12 months.
Written by Charlie Osborne, Contributing Writer

When you consider the future of Internet of Things (IoT) devices, artificial intelligence (AI), conversational technologies, enhancements to both voice and facial recognition, and virtual reality (VR) may be what you envision when it comes to what next-generation devices will feature.

Our devices are becoming smarter. Lighting, security, mobile devices, networks, and communication systems are all being influenced by IoT connectivity and technological ecosystems are likely to become more enmeshed in the future.

However, therein lies the problem. We've already seen the consequences of IoT devices being enslaved in their millions and providing conduits to other devices and networks, and now, it seems that state-sponsored groups may soon turn their attention to connected device exploitation.

During Black Hat, IoT security firm Armis surveyed over 130 IT and security professionals attending the conference in Las Vegas last week.

The vast majority -- 93 percent of respondents -- saw the future of IoT not necessarily as something smarter, but more dangerous, as they predict nation states will target or exploit connected devices in their droves over the coming year.


It is not just the establishment of botnets and disruption to online services which are possible -- medical equipment such as drug dispensers and pacemakers could be compromised; vehicles equipped with infotainment systems may be hijacked, or smart city networks could become a top target.

The FBI has already issued a warning relating to IoT device security, and if the cybersecurity professionals at the conference have predicted the future of IoT correctly, energy, utility companies, and healthcare providers are most at risk.

TechRepublic: What is the future of IoT?

In total, 23 percent of respondents cited energy and utility companies as entities most at risk from future IoT attacks; 17 percent said healthcare was at serious risk, and 15 percent believe that the financial sector will bear the brunt of future IoT-based cyberthreats.

When it comes to the enterprise, Gartner estimates that by 2020, a quarter of all attacks levied against corporate players will involve IoT. However, speaking to the cybersecurity professionals at Black Hat, 59 percent believe this figure is too low.

When asked how their organizations are managing the risk of implementing IoT solutions, 25 percent of survey respondents said that network separation was key, while network access control, firewalls, and endpoint protection also make an appearance in smaller numbers.


CNET: IoT attacks are getting worse -- and no one's listening

In total, 38 percent of survey respondents said vulnerabilities are the biggest problem in IoT security, whereas 36 percent said an inability to patch firmware is a true concern.

In addition, 17 percent cited the idea that IoT solutions cannot be well-protected by traditional cybersecurity solutions as a problem, and nine percent said bugs in wireless protocols are of concern.

See also: New Wi-Fi attack cracks WPA2 passwords with ease

"It's clear that security professionals are beginning to realize that risky unmanaged devices are increasingly dotting their environments," Armis says. "But the survey shows they don't feel as prepared as they should be to address the risk, and they see more attacks on the horizon."

Poorly-protected enterprise networks, energy and city services together with a lack of ability to properly manage or patch IoT devices may become a minefield for cybersecurity professionals in the future -- especially if they are faced with the prospect of well-funded and trained state-sponsored threat actors, rather than garden-variety hackers.

A single security flaw or overlooked security update can blackout an entire city. Vendors are still catching up with implementing patch processes in IoT products, and cyberattacks are seemingly becoming a weapon of choice in today's world. IoT security must be taken seriously or the future of such next-generation technologies could be darker than we think.

North Korea's history of bold cyber attacks

Previous and related coverage

Editorial standards