The Internet of Things (IoT) is not in its infant stage. It has come a long way. It was thrilling to access a Coke machine remotely over the Internet. The dark side of IoT security is now being noticed significantly.

IoT devices have been implicated in Distributed Denial of Service (DDoS) attacks and have contributed to a significant portion of malicious internet traffic. According to Nokia’s 2023 Threat Intelligence Report, the dark side has gone up by five times in IoT botnet DDoS attacks between 2022 and 2023. It is further learned that 40% of all DDoS traffic is now originating from IoT botnets.

The roots of this problem trace back to the infamous LizardStresser attacks during the 2015 holiday season that targeted Xbox Live users and wreaked havoc with a flood of traffic generated by compromised IoT devices. Another significant attack include a massive 400Gbps onslaught in 2016 and this highlighted the escalating threat posed by insecure IoT devices.

One major issue understood here is in the firmware-based nature of many IoT devices that lack robust security measures typically found in traditional operating systems. Outdated firmware as well as unpatched vulnerabilities further adds issues to the problem. These make the devices vulnerable to exploitation.

Critical IoT devices in sensitive environments often run on obsolete software with known security flaws. Shockingly, a significant percentage of nurse call systems and infusion pumps are plagued by unpatched vulnerabilities, posing serious risks to patient safety.

Compounding these vulnerabilities are weak default passwords and hardcoded credentials, which make IoT devices prime targets for exploitation by malicious actors. Moreover, many IoT manufacturers neglect security considerations, failing to provide timely firmware updates or prioritize security in their products.