Granite River Labs, GRL
Sanjay K Sharma
The rapid proliferation of consumer Internet-of-Things (IoT) devices has revolutionized daily living with unprecedented levels of convenience and efficiency. By 2030, it is estimated that 29 billion IoT devices will be circulating worldwide. This includes security devices such as baby monitors, smoke detectors, and door locks, as well as entertainment systems such as smart cameras, TVs, speakers, wearable health trackers, home automation and alarm systems enable people to manage and monitor multiple facets of their lives seamlessly.
However, the rise of IoT also brings about significant cybersecurity risks. Each new device on a network can be a potential entry point for cyber attackers. With many IoT devices lagging behind on the security features front, the lack of regular updates is making IoT systems vulnerable targets for exploitation.
2023 marked a critical turning point for IoT security threats, with a Zscaler ThreatLabz report revealing a staggering 400% increase in IoT malware attacks compared to the previous year1. This dramatic rise underscores the security risks associated with the proliferation of connected devices.
The 2024 cyberattack on Roku, which compromised over 576,000 accounts2, highlighted the vulnerabilities inherent in IoT devices while raising important questions around consumer trust, regulatory compliance, and the integration of cybersecurity measures across technological ecosystems.
Compromised IoT devices can be the entry point for launch DDoS attacks, personal network infiltration, and sensitive data theft. For example, the Mirai botnet attack3, which uses thousands of unsecured IoT devices to disrupt major websites, highlights just how large-scale these threats can be, possibly placing hundreds of thousands of individuals at risk through breached smart cameras, health monitors, and so on.
Common weaknesses within IoT devices that can expose them and their connected networks to attacks include:
Manufacturers' Role: IoT device manufacturers have been urged to enhance security measures, including implementing stronger authentication protocols, regularly updating firmware, and encrypting stored data. Consumers often remain unaware of these vulnerabilities and where their data might be compromised. Securing these devices is crucial, and the primary responsibility lies with the manufacturers. Manufacturers must prioritize the security of their products to protect users' data and privacy.
Compliance to Basic cyber-Security requirements becomes mandatory for consumer IOT devices under EU RED to fulfil CE marking requirements by Aug 2025. Additionally, there are other international private certification schemes aligned their security requirements as per ETSI EN 303 645, NIST, OSWAP Top 10, CWE 25 standards and its predecessors. These standards provide a solid security baseline for connected consumer products through 13+ key recommendations, chief of which are:
As an accredited laboratory for various national/international standards, GRL conducts security testing on consumer IoT, applications and telecom devices according to the standards mentioned above. Don't wait for until it's too late to secure your products. Proactively prepare against worst-case scenarios by contacting IoT experts to safeguard your customers and your brand.
Sanjay K Sharma
Associate Director -Cybersecurity Services
Sanjay K Sharma is responsible for developing cybersecurity services and establishing evaluation facilities according to various national, international and industry standards. Supports IoT and digital-connected technologies strategy.
1. Adm Ford. 11 Jan 2024. Securing Public Sector Against IoT Malware in 2024. Zscaler Blog.
2. Ty Roush. 12 Apr 2024. Roku Says 576,000 Accounts Compromised In Latest Security Breach. Forbes.
3. Cloudflare. What is the Mirai Botnet?