IoT devices: The Trojan Horses of our time

By Steven Feurer, CTO at Paessler, maker of PRTG

We live in an always-on society where, without fail we are connected. There are many benefits to this way of life, but we must also be aware of its dangers. For many of us, the word “Trojan” conjures images of the infamous battle whereby the Greeks stormed through the independent city of Troy. Yet in recent years, this word has come to take on a new meaning – ringing alarm bells to those of us that are tech savvy. 

In the same way that Trojan Horses were associated with danger and deception, the same words are today used to describe malware. Trojan malware is widespread and malicious. However, internet users have the benefit of understanding these dangers and what can be done to avoid potential hazards. Yet, when it comes to connected devices, such as smartphones and tablets, the same cannot be said. We are still surprised by mobile hacks because we aren’t prepared. This is why we refer to the Internet of Things (IoT) as the Trojan Horse of our time.

So - why aren’t IoT devices safer, and how can we rectify this? There are several reasons for this.

IoT and security: the challenge

We need to work to ensure IoT is safer, however, there are reasons that this is currently not the case.

1.Security is not part of the design process

People don’t purchase IoT devices, based on their security – they’re looking for features and enhancements they’ve never seen before. For example, the intelligent refrigerator or the IoT lamp do not reinvent the refrigerator or the lamp but enhances their abilities by making them smarter. As such, security is an afterthought, for both consumers and the manufacturers behind our latest IoT devices.

2.Security would increase the price

IoT devices became attractive to the mass market. We’re seeing the IoT industry boom, with the home market alone set to reach 3.2 billion in 2019. Yet again, the features gaining traction are based around convenience and not focused on security. Therefore, spending a lot of money on the development of better security features does not make sense for manufacturers, as it’s not what the market is demanding.

3. Security isn’t the number one priority 

It all comes down to a two-way attitude from users and manufacturers. We need to be talking about IoT security more – but, given its damaging to a business to slow down market growth, we don’t take the time to speak about it enough.

IoT and security: the solution

IoT devices cannot be completely monitored. Even if the devices have been specifically deployed by a company's IT department, traditional corporate security measures do not work. IoT devices can only be controlled to a limited extent by the IT team because they operate beyond their own closed systems. This means that to improve security, we need to consider three things to guarantee “peace of mind”.

1. Importance

We should pay more attention to data. To secure our data, we don’t need to back up an entire IoT device. Instead, we need to look at the cloud to secure data from IoT devices. However, keep in mind that as soon as a mobile IoT device contains sensitive data, it will be a target to hackers. Not only this, but if an IoT system is managed by a central administration portal which is deactivated, it will no longer report on attacks to individual devices.

2. Trusted storage

IoT devices are predominantly mobile. The difficulty here lies in averting any malicious applications from them. One way to prevent this is by storing the device ID in a trusted area. This means you can decide who does and does not have access to communicate to the device – for example, by using biometric identifiers.

3. Look for radiation effects

Monitoring, no matter how sophisticated, cannot directly detect whether an IoT device has become the gateway to certain attacks. However, radiation effects can be identified. Via the network distributor, a monitoring tool can recognise when an unusually high amount of data traffic occurs. It can also be detected via pattern recognition if unusual traffic takes place in the network. A warning would then be sent to the system admin and the discovery of the device in question should proceed quite quickly.

We are, without a doubt, at the beginning of the IoT security journey, with a long way to go. But, if one thing is for sure - we need to be prepared when it comes to IoT security, or we risk the tale of the Greek Trojan Horse becoming a disastrous reality.