IoT security standards must be tightened to prevent successful attacks

Posted: November 2, 2017

Forbes predicts that by 2025, we’ll have over 80 billion smart devices on the internet. Although IoT simplifies numerous tasks at work and home, there are a number of security risks that come with the technology. Anyone who purchases IoT appliances should be aware of these risks.

The information in this post is adapted from a number of sources, including a recent article from Tech World.

This week, a security flaw was detected within SmartThinQ, a technology endorsed by LG for automating communication within its range of home appliances and devices. This security flaw has reinforced the risks that come with remote IoT takeover, as attackers are progressively finding new methods of attacking smart devices.

The LG Security Flaw

SmartThinQ is a framework for communication between smart devices that allows them to be controlled by smartphone apps or voice assistants. SmartThinQ has been built into a range of LQ refrigerators, dishwashers, air purifiers, washing machines, dryers and robotic vacuums.

The weaknesses in this software, which were named ‘HomeHack’, were discovered by Check Point Software Technologies researchers and alerted to LG on the 31st of July. The weaknesses allowed a hacker to create a fake LG account and use this to take over the account of a legitimate user (meaning the hacker was able to control the user’s devices). This vulnerability highlights the risk that IoT devices could be used to remotely surveil/interfere with smart devices within homes and businesses.

LG’s Response

LG responded quickly to Check Point’s detection – remotely updating what LG manager of smart development, Koonseok Lee, called “an advanced rooting process designed to detect security issues”. According to Lee, the patched and updated SmartThinQ kernel has been “smooth and issue-free” since then.

Although LG’s patching has been seemingly smooth, many IoT device makers are notoriously lax when it comes to their device security.

IoT Security Standards Are Developing

There is no denying that IoT devices are liable to physical, network, software and encryption attacks (read more about these attacks here). These vulnerabilities have inspired associations, groups, internet providers, companies and manufacturers worldwide to come together and define security standards for the gradual IoT shift. These security standards are based on smarter authentication, network frequency, firmware updates and consumer guarantees.

In the United States, a bipartisan group of senators have introduced a bill (the Internet of Things Cybersecurity Improvement Act of 2017) aimed at securing internet-connected devices by setting industry-wide security standards. In Australia, we have the security guidelines set forth by the IoTA (Internet of Things Alliance) – the peak body representing IoT in Australia.

How Can You Protect Your Devices?

As security standards develop and vulnerabilities are discovered, there are some measures you can take to proactively protect the IoT devices on your network. Just some of these include:

Secure your wireless network, ensuring you choose a strong password
Give your Wifi a secure name and set it to not broadcast its identity
Ensure your network is firewalled
Check manufacturers’ websites for updates regarding device vulnerabilities
Update your devices regularly

Or you can ask us to protect your network and we’ll deliver a safe, secure solution with built-in resilience against attack.

In other news, don’t forget that the KRACK Wifi vulnerability is leaving Wifi networks at risk – read more in our blog post Wifi Security Flaw Detected that Leaves Devices Vulnerable – Patch Your Wifi Soon.