Is your IoT fish tank secure?

Are there any real security threats to sensor-generated data?

Darya Efimova
© Shutterstock / Sasun Bughdaryan

IoT devices can be a weak leak and expose data to hackers. Businesses should be aware of the risks that can occur if attackers get their hands on data, and keep up with security updates and testing. How can hackers compromise sensor-generated data, and what are the best practices for IoT device security?

In 2018, something rather extraordinary happened to a US-located casino. Somebody illegally connected to its fish tank and this way broke into the casino’s computers. Being able to literally move into other parts of the network, hackers found their way into the system and stole about 10 GB of valuable data. Sounds shifty, but how did they really do this? The fish tank was equipped with PC-connected sensors that transmitted data on the tank cleanliness, temperature, and food levels. These particular sensors became cyber attackers’ entry points to the data.

This and some other cases when IoT data turned out to be that vulnerable leave the security of IoT devices under a cloud of suspicion. But are there any serious grounds to believe IoT data poses such risks, or is that just media hype?

Answering this question is especially crucial for businesses having a network of connected devices. The leakage of enterprise data can cost them a heavy sum, specifically if it’s customer data. According to the EU-enforced GDPR, all customer information should be kept private and safe, but with sensor-generated data this seems a bit of a challenge.

How can hackers compromise sensor-generated data?

To get down to brass tacks, let’s find out how exactly cyber attackers can reach IoT data. Generally, there are three possible ways:

Hackers can enter through an unsecured network

Network vulnerabilities are justifiably cyber attackers’ favorite ways to reach IoT data. Be it insecure authentication, API weaknesses, or unprotected network services running on devices—in the end, all of these might result in stolen gigabytes.

Non-encrypted data should be mentioned here as well. The process of encrypting business data remains one of the first steps of its protection. That’s because non-anonymized data makes it much easier for a hacker to reach, compromise, and tamper it.

Hackers can get through outdated and insecure devices

Before IoT, businesses had to worry about keeping only a limited range of technologies up-to-date, like their servers, CRMs, and desktop computers. Now, they have to update every single device in place, from connected printers and coffee machines to CCTV cameras.

SEE ALSO: Practical security in web applications – build them right

Outdated protocols and systems can make any network incredibly vulnerable: over time, it might even develop bugs. So today, when the number of connected devices per business is skyrocketing, it’s becoming even harder to control the state of each and every connected device.

Hackers can tamper a network physically

Unsecured open ports and USB connectors are not good signs by themselves, but they also pose a risk for sensor-generated business data. That’s because by physically tampering devices, hackers can disassemble them and enter the data repository.

Although only on-site employees can do this in practice, physical tampering remains a big threat. Unfortunately, this is especially true for the devices used for network maintenance—if hackers penetrate them, they can wreak havoc quite easily.

What if sensor-generated data is in hackers’ hands?

As you see, businesses having unsecured IoT networks together with outdated and physically vulnerable devices do have some chances to face a cyber attack one sunny day. On some level, it supports the idea that the threats to sensor-generated data security are real. However, to know the enemy, it’s vital to be alert to what these threats can entail.

Attackers can corrupt data, making it unfit for proper analytics

As data stealing is becoming an everyday practice, data manipulation is gradually entering the hacking mainstream too. Changing business information to an attacker’s advantage is rather cunning. What makes it dangerous, though, is that business owners might not even mention that their data is being penetrated continuously.

Manipulated data makes it impossible for businesses to make corrected decisions and perform data analytics. Here’s where BI consultants emphasize the need to monitor data security 24/7 to avoid business-critical data being corrupted.

Attackers can exploit sensitive data

No need to explain why it’s dangerous, especially if a business stores at least a little portion of customer data. Such information as names, birth dates, email addresses, social security or credit card numbers can be used for fraud, identity theft, or even blackmail. As for credit cards, hackers can duplicate and simply empty them.

SEE ALSO: Tide Protocol uses blockchain to improve password security by 14 million percent

Only a short time ago, this happened to Capital One, the biggest US-based bank holding company. A software engineer hacked into a server holding customer data and stole the personal information of over 100 million people. This data included 140,000 social security numbers and 80,000 bank account numbers. Fortunately, the hacker didn’t use it for fraud, but in case she did, it would cost the bank up to $150 million and undermined trust of its customers.

Attackers can sell business data to competitors

Any business would be happy to know how its competitors perform and what exactly brings them profits. Once hackers obtain data on a company’s performance, its major customers, and their purchasing patterns, there’s a good chance market rivals would be at pains to get their hands on it. With this data, competitors can poach customers and build better marketing campaigns, thus grabbing the market share bit by bit.

Protecting IoT networks: Best practices

It’s obvious that the problem of protecting sensor-generated data is quite real, and enterprises have little choice but act accordingly. Keeping IoT software up-to-date and continuously testing its security might help businesses deal with most of the challenges listed above.

However, to take a step forward and streamline sensor-generated data security even more, it’s vital to draft comprehensive security policies. With them, all employees handling data can develop more deference to enterprise data, which is practically the most valuable asset businesses have.

Darya Efimova
Darya Efimova is a digital transformation observer on the editorial board at Iflexion. With MA in Creative and Media Enterprises, Darya is an accomplished writer and industry insider helping IT leaders make sense of today’s tech disruptions and new market imperatives.

Inline Feedbacks
View all comments