Avast warns against IoT cyberattacks

The company has predicted that attacks on routers and other IoT devices will become commonplace as this new technology's adoption rate grows.

The IoT industry — which includes smart home technology — is growing at an alarming rate. In fact, a recent forecast predicted the IoT market will reach $267 billion in spending by 2020

In 2008, more than nine years ago, there were already more “things,” or devices, connected to the Internet than people. By 2020, the number of Internet-connected devices will reach at least 50 billion. That is mind-blowing. 

IoT devices aren’t just in homes, they’re also in vehicles, businesses, factories, health-care centers and more. They are truly integral to modern society. 

It’s a sobering thought that all these devices — the entire field of connected tech — is vulnerable to attack. Of course, if you know anything about modern technology, that’s to be expected. Sadly, it’s the nature of open access to the Internet and wireless technologies. There is always an underlying risk that data, systems and devices will be compromised. 

But Avast, a popular security firm, warns that cyber-attacks on routers and IoT devices will become more commonplace, growing to be a major threat to consumers. 

Avast Chief Executive Vincent Steckler says that even though attacking these devices and components is a “trivial thing,” once it happens “there’s nothing the user can do to fix it.” This leaves little to no recourse after an attack. Steckler even says that consumers will have to “throw [their] router away and put in a new [one]” after an attack of this caliber. 

But it’s not just routers and Internet gateways that are susceptible. Any and all connected devices can be a target, including appliances, vehicles and more. To name a few household items you might already own, there are TV systems, audio systems, coffee machines, appliances like refrigerators, computers, mobile devices, smart home tech and much more. 

The Avast team isn’t just being proactive or paranoid, either. Hackers have already targeted routers and connected devices. 

The Attacks Are Already Happening 

In London earlier this year, law-enforcement officers arrested a suspect who had been staging cyber-attacks on household routers. He targeted specific routers run by Deutsche Telekom in months prior and was able to take quite a few German households offline. Imagine being without Internet access for an extended period of time after such an attack. Worse yet, these hackers can demand a ransom before you’re up and running again. 

The Avast team illustrated this with a unique attack of their own. They used a vulnerability to gain access to a router, change its firmware, take control of a nearby TV set and play a Barack Obama speech on a never-ending loop. If you try to turn off the TV and turn it back on, it does not fix the problem. No matter what, you cannot see anything on the TV other than the looping speech. The idea is that a hacker would be able to hold the TV set “ransom,” requiring the owner to pay a lump sum to get the loop cycle removed. 

In the end, there’s no guarantee the hacker will remove said loop, even after getting paid. 

It’s a slippery slope. Avast’s demonstration of an attack is a bit comical, but it only involves a TV. Imagine if such an attack were to include other appliances and connected devices. Think about all the different ways someone could wreak havoc on your life. They could tap into computers and webcams, baby monitors, game consoles, appliances like refrigerators or washers, TVs and so much more.

And if you have your whole house outfitted with smart technology, hackers could stage an attack nearly everywhere. Imagine your doorbell going off without warning endlessly, your alarms and detectors blaring, your entertainment systems turned to max volume, your heating system turned on and cranked to full blast in the middle of the summer, your lights flashing all night, and so on. 

It’s a scary prospect, and one that might seem far-fetched for now, but it’s entirely possible in the not-too-distant future.   

WannaCry Is Making Everyone Revisit Security Protocols 

Recently, a group of hackers staged a global cyber-attack that took advantage of hacking tools and vulnerabilities believed to have been developed by the U.S. National Security Agency. The attack hit a variety of computers and businesses. Organizations like FedEx, Telefonica, Nissan and the UK National Health Service were targeted. 

The real threat came from attacks on UK hospitals, which were almost completely paralyzed thanks to the massive cyber-attack. Hospitals and health clinics were actually forced to turn away patients because they had no access to their computers and related systems. The health and well-being of UK residents were literally at risk due to this cyber-attack. 

This attack, aptly named WannaCry, really puts the current state of the world into perspective. When our hospitals and emergency centers are frozen and unable to operate because of a nationwide attack, it’s time to revisit our approach to security. 

Consider, for a moment, if all emergency services had been taken offline. That’s just the tip of the iceberg. Think of all the different devices, platforms and objects around us that are connected and vulnerable. This includes planes, cars and public transportation, home appliances and mobile devices, entertainment systems, children’s toys, infant monitors, and so much more. 

According to Gartner, there will be a quarter of a billion connected vehicles on the road by 2020. These cars might only include a fraction of wireless technology, yet they’re equally vulnerable. We will be putting our lives in the hands of a vehicle and AI system that can effectively be hacked by an outsider. 

There may have been a time when these claims or ideas of a large-scale cyber-attack were far-fetched or fantastical, but that’s definitely no longer the case. It’s merely a matter of when, not if, an attack will happen on IoT devices. 

Does that mean you should avoid the technology or be scared of it? Absolutely not. But it does mean you should educate yourself on the dangers of modern technology, and do everything you can to improve your own security and privacy.   

Kayla Matthews, Technology Writer and Cybersecurity Blogger

Image Credit: Chesky / Shutterstock