The number of cyber security threats targeting Internet of Things (IoT) devices has been growing rapidly as criminals look to take advantage of these relatively-new class of devices, but many of the methods they are using still rely on well-known vulnerabilities.
This is according to new research from F-Secure, which found the number of threats it detected doubled in 2018. However, the vast majority of these still rely on the same security weaknesses that have plagued businesses for years.
Almost nine out of ten threats aimed at IoT devices (87 per cent) looked to take advantage of weak/default passwords, unpatched vulnerabilities, or both, which suggested many users are still failing to follow basic security guidelines in order to keep their networks and data safe.
This is only set to become a bigger issue in the coming years as the number of IoT devices, ranging from smart home speakers to enterprise robotics tools and driverless cars, continues to grow.
Tom Gaffney, operator consultant at F-Secure, said that while device manufacturers are starting to pay closer attention to security, there are still a wide range of gadgets available that have yet to address these basic issues.
He noted: "For years, manufacturers have been releasing products without giving much thought to security, so there’s a lot of ‘smart’ devices out there vulnerable to relatively simple attacks."
F-Secure Labs Principal Researcher Jarno Niemela added the root cause of many IoT weaknesses can be traced back to manufacturers’ supply chains.
"Most device vendors license software development kits for the chipsets they use in their smart cameras, smart appliances and other IoT devices. That’s where the vulnerabilities and other issues are coming from,” he explained.
The report noted that IoT threats are still a relatively new area for IT security, having been rarely encountered before 2014, when the source code for Gafgyt, which targeted devices including closed circuit television and many video recorders, was released.
From this, criminals were able to develop the Mirai botnet, which became one of the first IoT-targeting threats to have a widespread impact when it was responsible for one of the biggest distributed denial of service attacks in history in 2016.