{"id":33010,"date":"2020-01-28T12:00:00","date_gmt":"2020-01-28T12:00:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/"},"modified":"2020-01-28T12:00:00","modified_gmt":"2020-01-28T12:00:00","slug":"securing-the-iot-is-a-nightmare","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/","title":{"rendered":"Securing the IoT is a nightmare"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/10\/cw_scary_tech_05-100740219-large.3x2.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<div class=\"teaser\">\n<p>Spoiler alert: you&#8217;re not going to wake up from this nightmare anytime soon.<\/p>\n<p>Currently, we have over <a href=\"https:\/\/ipropertymanagement.com\/research\/iot-statistics\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">26-billion internet of things (IoT) devices<\/a> running in our workplaces, offices and homes. Of those, I&#8217;d guess &#8212; let me think about this for a minute &#8212; none of them are really secure.<\/p>\n<h2>Why IoT security is such a mess<\/h2>\n<p>I make this claim because while IoT security is given a lot of lip service, the reality is it&#8217;s an afterthought. As Alan Grau, president and cofounder of embedded security firm <a href=\"https:\/\/www.iconlabs.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Icon Labs<\/a>, observed, &#8220;these devices are optimized to minimize processing cycles and memory usage and <a href=\"https:\/\/www.iconlabs.com\/prod\/internet-secure-things-%E2%80%93-what-really-needed-secure-internet-things\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">do not have extra processing resources available to support traditional security<\/a> mechanisms.&#8221;<\/p>\n<aside class=\"fakesidebar\">\n<h4><strong>[ Online training:<\/strong> <a href=\"https:\/\/www.idginsiderpro.com\/article\/3445440\/earn-your-iot-security-certification.html\">Earn your IoT security certification<\/a> ]<\/h4>\n<\/aside>\n<p>Another, non-technical reason, is to keep the short-term cost of IoT devices down, many&nbsp; manufacturers haven&#8217;t bothered to build in security at all. As Josh Corman, industrial IoT company <a href=\"https:\/\/www.ptc.com\/en\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">PTC<\/a>&#8216;s chief security officer, recently explained, the economy of consumer IoT devices don\u2019t allow for a profit once the OEM factors in <a href=\"https:\/\/spectrum.ieee.org\/telecom\/security\/6-reasons-why-iot-security-is-terrible\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">the cost of security updates<\/a> and patches.<\/p>\n<p>Or, more bluntly, as Matt Toomey of IT research company <a href=\"https:\/\/www.aberdeen.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Aberdeen<\/a>, put it, &#8220;<a href=\"https:\/\/www.aberdeen.com\/techpro-essentials\/iot-device-security-seriously-neglected\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">IoT device manufacturers have not prioritized security<\/a> to date, mostly because they are motivated by profit; they want to bring as many of these devices to market as quickly and as cheaply as possible.&#8221; Implementing security checks is expensive and time-consuming, so they don&#8217;t do anything like enough with security and, &#8220;therefore, the vulnerabilities proliferate.&#8221;<\/p>\n<p>Another reason, as security maven Bruce Schneier recently observed about an especially egregious set of IoT holes, is that &#8220;These aren\u2019t subtle vulnerabilities. These are stupid design decisions made by engineers who had <a href=\"https:\/\/securityboulevard.com\/2019\/12\/lousy-iot-security\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">no idea how to create a secure system<\/a>. And this, in a nutshell, is the problem with the internet of things.&#8221;<\/p>\n<aside class=\"fakesidebar\">\n<h4><strong>[ Related:<\/strong> <a href=\"https:\/\/www.idginsiderpro.com\/article\/3412066\/iot-sector-report-how-to-prepare-for-tech-s-wild-west.html\">IoT Sector Report &#8212; How to prepare for tech\u2019s Wild West<\/a> ]<\/h4>\n<\/aside>\n<p>It&#8217;s not much better outside the consumer space. While we expect security support for years from conventional technology hardware, many IoT devices still come without any support or come with only a few years of support.<\/p>\n<p>Another reason we can&#8217;t have good things or IoT security is as Chris Lord, CTO and co-founder of security firm <a href=\"https:\/\/www.armoredthings.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Armored Things<\/a>, recently said, &#8220;When it comes to IoT devices, we have <a href=\"https:\/\/www.techrepublic.com\/article\/why-blockchain-wont-transform-iot-security\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">thousands of different operating systems<\/a> and variants. That diversity creates all sorts of challenges &#8212; everyone has different configurations and different ways to patch and manage.&#8221;<\/p>\n<\/div>\n<div class=\"premium\">\n<p>Spoiler alert: you&#8217;re not going to wake up from this nightmare anytime soon.<\/p>\n<p>Currently, we have over <a href=\"https:\/\/ipropertymanagement.com\/research\/iot-statistics\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">26-billion internet of things (IoT) devices<\/a> running in our workplaces, offices and homes. Of those, I&#8217;d guess &#8212; let me think about this for a minute &#8212; none of them are really secure.<\/p>\n<h2>Why IoT security is such a mess<\/h2>\n<p>I make this claim because while IoT security is given a lot of lip service, the reality is it&#8217;s an afterthought. As Alan Grau, president and cofounder of embedded security firm <a href=\"https:\/\/www.iconlabs.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Icon Labs<\/a>, observed, &#8220;these devices are optimized to minimize processing cycles and memory usage and <a href=\"https:\/\/www.iconlabs.com\/prod\/internet-secure-things-%E2%80%93-what-really-needed-secure-internet-things\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">do not have extra processing resources available to support traditional security<\/a> mechanisms.&#8221;<\/p>\n<aside class=\"fakesidebar\">\n<h4><strong>[ Online training:<\/strong> <a href=\"https:\/\/www.idginsiderpro.com\/article\/3445440\/earn-your-iot-security-certification.html\">Earn your IoT security certification<\/a> ]<\/h4>\n<\/aside>\n<p>Another, non-technical reason, is to keep the short-term cost of IoT devices down, many&nbsp; manufacturers haven&#8217;t bothered to build in security at all. As Josh Corman, industrial IoT company <a href=\"https:\/\/www.ptc.com\/en\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">PTC<\/a>&#8216;s chief security officer, recently explained, the economy of consumer IoT devices don\u2019t allow for a profit once the OEM factors in <a href=\"https:\/\/spectrum.ieee.org\/telecom\/security\/6-reasons-why-iot-security-is-terrible\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">the cost of security updates<\/a> and patches.<\/p>\n<p>Or, more bluntly, as Matt Toomey of IT research company <a href=\"https:\/\/www.aberdeen.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Aberdeen<\/a>, put it, &#8220;<a href=\"https:\/\/www.aberdeen.com\/techpro-essentials\/iot-device-security-seriously-neglected\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">IoT device manufacturers have not prioritized security<\/a> to date, mostly because they are motivated by profit; they want to bring as many of these devices to market as quickly and as cheaply as possible.&#8221; Implementing security checks is expensive and time-consuming, so they don&#8217;t do anything like enough with security and, &#8220;therefore, the vulnerabilities proliferate.&#8221;<\/p>\n<p>Another reason, as security maven Bruce Schneier recently observed about an especially egregious set of IoT holes, is that &#8220;These aren\u2019t subtle vulnerabilities. These are stupid design decisions made by engineers who had <a href=\"https:\/\/securityboulevard.com\/2019\/12\/lousy-iot-security\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">no idea how to create a secure system<\/a>. And this, in a nutshell, is the problem with the internet of things.&#8221;<\/p>\n<aside class=\"fakesidebar\">\n<h4><strong>[ Related:<\/strong> <a href=\"https:\/\/www.idginsiderpro.com\/article\/3412066\/iot-sector-report-how-to-prepare-for-tech-s-wild-west.html\">IoT Sector Report &#8212; How to prepare for tech\u2019s Wild West<\/a> ]<\/h4>\n<\/aside>\n<p>It&#8217;s not much better outside the consumer space. While we expect security support for years from conventional technology hardware, many IoT devices still come without any support or come with only a few years of support.<\/p>\n<p>Another reason we can&#8217;t have good things or IoT security is as Chris Lord, CTO and co-founder of security firm <a href=\"https:\/\/www.armoredthings.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Armored Things<\/a>, recently said, &#8220;When it comes to IoT devices, we have <a href=\"https:\/\/www.techrepublic.com\/article\/why-blockchain-wont-transform-iot-security\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">thousands of different operating systems<\/a> and variants. That diversity creates all sorts of challenges &#8212; everyone has different configurations and different ways to patch and manage.&#8221;<\/p>\n<p>Making matters even worse, since IoT products are embedded deep in our infrastructure, we don&#8217;t see them, we don&#8217;t think about them, and so we tend to forget about them. Thus, Lord said, &#8220;They sink into the environment, we no longer know they&#8217;re there. They get lost and neglected, but are still surfaces that can be attacked.&#8221;<\/p>\n<p>OEMs far too often forget about these devices as well. For every <a href=\"https:\/\/www.tesla.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Tesla<\/a>, which automatically upgrades its electric cars&#8217; software with over-the-air updates, there are a hundred other IoT companies that never patch their hardware.<\/p>\n<p>But, wait! There&#8217;s more. Corman also observed our IoT devices, in which networks, software and hardware are all interwoven, tend to be pieced together from many different sources. All it takes is one vulnerability in the stack and the entire IoT device may be open to attack.<\/p>\n<p>That&#8217;s not just a theoretical fear. A recent <a href=\"https:\/\/www.zdnet.com\/article\/bluetooth-vulnerability-can-be-exploited-to-track-and-id-iphone-smartwatch-microsoft-tablet-users\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Bluetooth vulnerability<\/a> made it possible to track Windows 10, iOS or macOS users.<\/p>\n<p>Beyond the security issue, OEMs have a nasty habit of turning <a href=\"https:\/\/www.zdnet.com\/article\/all-your-iot-devices-are-doomed\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">consumer-grade IoT gadgets into abandonware<\/a>. For example, as technology journalist Jason Perlow, points out Aether&#8217;s smart speaker, the Cone; Google Revolv smart hub; NetGear&#8217;s connected home wireless security cameras, VueZone; and the Jibo cloud-connected robot have all been rendered useless junk because their vendors no longer support them.<\/p>\n<aside class=\"fakesidebar\">\n<h4>[ Career roadmap: <a href=\"https:\/\/www.idginsiderpro.com\/article\/3488866\/career-roadmap-enterprise-architect.html\">How to become an enterprise architect<\/a> ]<\/h4>\n<\/aside>\n<p>Older IoT devices, which aren&#8217;t integrated into the cloud, may still be functioning, but they may not be getting needed available security patches even if they are available. For example, do your company routers automatically alert you when new firmware is ready? Many don&#8217;t.<\/p>\n<h2>The IoT disasters we know<\/h2>\n<p>The result has been one IoT security breach after another.<\/p>\n<p>The one you all know is <a href=\"https:\/\/www.csoonline.com\/article\/3218104\/what-is-stuxnet-who-created-it-and-how-does-it-work.html\" rel=\"noopener noreferrer\" target=\"_blank\">Stuxnet<\/a>. This was a computer worm, which attacked Supervisory control and data acquisition (SCADA) systems. It successfully destroyed Iranian centrifuges used to produce enriched uranium for weapons. While Stuxnet itself, which used Windows 7 as a platform, is no longer viable, it was the first IoT malware to cause real-world damage. It won&#8217;t be the last.<\/p>\n<p>The most damage from an industrial IoT (IIoT) attack came through from the <a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/blackenergy-malware-infrastructure\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">BlackEnergy trojan<\/a>. In 2015, it was used to briefly <a href=\"https:\/\/www.zdnet.com\/article\/how-hackers-attacked-ukraines-power-grid-implications-for-industrial-iot-security\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">take down part of Ukraine&#8217;s power plants<\/a>. IIoT attacks on the electrical grid are one of IoT&#8217;s nightmare scenarios. So far, there haven&#8217;t been any other major attacks on electrical systems. There will be.<\/p>\n<p>Such attacks might not even need to be taken on utility systems themselves. Recent research shows that <a href=\"https:\/\/securityboulevard.com\/2018\/08\/researchers-find-power-grid-iot-device-security-a-dangerous-mix\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">hacking home and office IoT-enabled HVAC systems<\/a> might be enough to launch effective large-scale coordinated attacks on your local power grid.<\/p>\n<p>Next, along came <a href=\"https:\/\/www.csoonline.com\/article\/3258748\/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html\" rel=\"noopener noreferrer\" target=\"_blank\">Mirai<\/a>. This <a href=\"https:\/\/securityintelligence.com\/news\/latest-mirai-malware-variant-contains-18-exploits-focuses-on-embedded-iot-devices\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">malware is still alive<\/a>, well, and screwing people over who are foolish enough to run ARC processor-powered <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/glossary\/internet-of-things-iot\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">IoT devices<\/a> with the default username and password. Typically, Mirai-infected devices, such as baby cameras and home routers coming from such mainstream companies as Hikvision, Samsung and Panasonic, were then used in <a href=\"https:\/\/www.zdnet.com\/article\/todays-leading-causes-of-ddos-attacks\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Distributed Denial of Service (DDoS)<\/a> attacks. So far, Mirai-powered assaults have taken down European hosting company, OVH; DNS provider DYN; and German telecom Deutsche Telekom. There were many others. There will be more.<\/p>\n<h4><strong>[ Ebook: <a href=\"https:\/\/www.idginsiderpro.com\/article\/3490075\/iot-security-why-its-your-biggest-nightmare.html\">IoT security: IT&#8217;s biggest headache<\/a> ]<\/strong><\/h4>\n<p>These, at least, target devices we think of as being computers. But, refrigerators, door bells, vacuum cleaners, and all our new &#8220;smart&#8221; gadgets are fair game. Security firm <a href=\"https:\/\/www.checkpoint.com\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Check Point<\/a> recently found a <a href=\"https:\/\/blog.checkpoint.com\/2017\/10\/26\/homehack-how-hackers-could-have-taken-control-of-lgs-iot-home-appliances\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">security flaw in the LG Hom-Bot vacuum cleaner<\/a>, which allowed a hacker to take control of it and use its built-in camera to snoop around your home.<\/p>\n<p>Even after Mirai underlined just how stupid default usernames and passwords were, many vendors still use them. Israel\u2019s Ben-Gurion University of the Negreb researchers reported in 2018 the <a href=\"https:\/\/www.digitaltrends.com\/home\/default-password-flaw-ben-gurion-university\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">easiest way to crack home IoT devices<\/a> was just to use the publicly available default passwords. I doubt there&#8217;s been any improvements.<\/p>\n<p>So, while some attacks like Stuxnet were highly sophisticated, others like Mirai were simple.<\/p>\n<p>Simple is good if you&#8217;re a hacker.<\/p>\n<p>Simple works. Security company <a href=\"https:\/\/www.darktrace.com\/en\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Darktrace<\/a>&#8216;s CEO Nicole Eagan recently observed, \u201cThere\u2019s a lot of IoT devices, everything from thermostats, refrigeration systems, HVAC&nbsp; systems, to people who bring in their Alexa devices into the offices. <a href=\"https:\/\/www.yahoo.com\/news\/hackers-broke-casino-high-roller-212003155.html\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">There\u2019s just a lot of IoT<\/a>. It expands the attack surface and most of this isn\u2019t covered by traditional defenses.&#8221;<\/p>\n<p>Adding insult to injury, there&#8217;s even a search engine, <a href=\"https:\/\/www.shodan.io\/\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Shodan<\/a>, to track down online devices and equipment. While not a hacking tool in and of itself, hackers and script-kiddie cybercriminals alike use Shodan to find the low-hanging fruit of poorly secured IoT devices.<\/p>\n<h2>Saving yourself from IoT disaster<\/h2>\n<p>You can&#8217;t stop some IoT attacks. If your power goes out in your California office because someone forces a large number of &#8220;smart&#8221; air-conditioning systems to run on high some summer day there&#8217;s not a lot you can do.<\/p>\n<h4><a href=\"https:\/\/www.idginsiderpro.com\/category\/internet-of-things\/\">[ More IoT coverage on Insider Pro ]<\/a><\/h4>\n<p>But, there are some things you can do to protect yourself. For one thing, you can simply not let IoT devices in your office. Or, at least you can minimize them. Do you really need a smart refrigerator in your break room? I don&#8217;t think so.<\/p>\n<p>No device is too trivial to be potentially dangerous. Eagan has described how an aquarium thermostat with internet connectivity was used to pry into a casino&#8217;s database of high-rollers. As you should know from firewall 101 any open internet access can be used to attack your office. As Corman has said, &#8220;If <a href=\"https:\/\/diginomica.com\/ptc-liveworx-2019-tackling-iot-security-head\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">you can&#8217;t afford to protect it<\/a>, then you can&#8217;t afford to connect it.&#8221;<\/p>\n<p>Essentially, any IoT devices in your business must be as secure as possible. At a minimum this means following these five practices:<\/p>\n<ol>\n<li>The IoT vendor must provide security patches on a regular basis for years. These patches must be cryptographically signed so that the code can be verified and authenticated.<\/li>\n<li>All communications from and to the device must be secured using encrypted protocols, such as SSL. Access by other methods (e.g. telnet) must be blocked.<\/li>\n<li>Default usernames and passwords can only be used during setup. They must be changed before the device can be used in regular work.<\/li>\n<li>All subsequent device control must be authenticated by a strong password, <a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/X509-certificate\" rel=\"nofollow\">509<\/a>, or Kerberos.<\/li>\n<li>Any but the most simple systems should include an embedded firewall. At a minimum it should limit communications to trusted hosts. It should also block simple DDoS and known protocol attacks.<\/li>\n<\/ol>\n<p>It will be hard finding devices with these features. Some of it, such as the firewall, you can add within your own network. But, while you&#8217;re at it, look for IoT devices that support the following:<\/p>\n<ul>\n<li>Intrusion detection and logging. Most devices don&#8217;t even try to log, never mind stop, an endless stream of login attempts. This is not acceptable.<\/li>\n<li>Application programming interface (APIs) compatibility with security management systems. IoT needs to be brought under the corporate security umbrella.<\/li>\n<\/ul>\n<p>The National Institute of Standards and Technology (NIST) <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/8259\/draft\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">Core Cybersecurity Feature Baseline for Securable IoT Devices<\/a>, which was released in August 2019, may help with this. Still, there were recommendations, not regulations. I&#8217;d ask your vendors, for starters, to meet these guidelines.<\/p>\n<p>Thanks to California&#8217;s <a href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/billNavClient.xhtml?bill_id=201720180SB327\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">IoT Device Security Act<\/a> (SB-327), which started being implemented&nbsp; on January 1, 2020, some of these features will become easier to find. This bill requires IoT device manufacturers to equip their gear with &#8220;reasonable security feature or features.&#8221; A <a href=\"https:\/\/www.congress.gov\/congressional-report\/116th-congress\/senate-report\/112\" rel=\"noopener nofollow noreferrer\" target=\"_blank\">similar IoT security Federal law<\/a> is sitting in the Senate.<\/p>\n<p>I wouldn&#8217;t count on any legislation protecting you in the next five years. It&#8217;s up to our vendors and the pressure we can put on them to properly secure their devices.&nbsp;<\/p>\n<p>In the meantime, one thing you can do is forbid users to bring their own IoT devices into the office. So, just say no to shadow IoT. If that&#8217;s hard to do &#8212; say for a user with a smartwatch &#8212; insist it connect to the internet via a guest network rather than the corporate LAN.<\/p>\n<p>Even your best efforts won&#8217;t be enough. If 2020 IT was a ship it would be named the Titanic and the iceberg dead ahead is IoT insecurity.<\/p>\n<p>There will be major IoT security breaches this year. The security holes are too big, there are too many insecure devices. We can only try our best to protect ourselves and our companies. There will be disasters, but with hard work and some luck, you and yours will avoid the worst of the IT fiascos to come.<\/p>\n<\/div>\n<p> READ MORE <a href=\"https:\/\/www.idginsiderpro.com\/article\/3512581\/securing-the-iot-is-a-nightmare.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Currently, we have over 26-billion IoT devices running in our workplaces, offices and homes. If you&#8217;re looking for an IoT security scorecard, it looks something like this:<br \/>\nSecurity Threats: 26,000,000,000, IoT Secure Devices: 0. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":33011,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[1320,1047,376,7780,307,3550],"class_list":["post-33010","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-cyber-attacks","tag-cyber-crime","tag-internet-of-things","tag-it-strategy","tag-security","tag-technology-industry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Securing the IoT is a nightmare 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing the IoT is a nightmare 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-28T12:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/securing-the-iot-is-a-nightmare.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Securing the IoT is a nightmare\",\"datePublished\":\"2020-01-28T12:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/\"},\"wordCount\":2290,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/securing-the-iot-is-a-nightmare.jpg\",\"keywords\":[\"cyber attacks\",\"Cyber Crime\",\"Internet of Things\",\"IT Strategy\",\"Security\",\"Technology Industry\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/\",\"name\":\"Securing the IoT is a nightmare 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/securing-the-iot-is-a-nightmare.jpg\",\"datePublished\":\"2020-01-28T12:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/securing-the-iot-is-a-nightmare.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/securing-the-iot-is-a-nightmare.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-the-iot-is-a-nightmare\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"cyber attacks\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cyber-attacks\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Securing the IoT is a nightmare\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing the IoT is a nightmare 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/","og_locale":"en_US","og_type":"article","og_title":"Securing the IoT is a nightmare 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-01-28T12:00:00+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/securing-the-iot-is-a-nightmare.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Securing the IoT is a nightmare","datePublished":"2020-01-28T12:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/"},"wordCount":2290,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/securing-the-iot-is-a-nightmare.jpg","keywords":["cyber attacks","Cyber Crime","Internet of Things","IT Strategy","Security","Technology Industry"],"articleSection":["Networkworld"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/","url":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/","name":"Securing the IoT is a nightmare 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/securing-the-iot-is-a-nightmare.jpg","datePublished":"2020-01-28T12:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/securing-the-iot-is-a-nightmare.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/securing-the-iot-is-a-nightmare.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/securing-the-iot-is-a-nightmare\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"cyber attacks","item":"https:\/\/www.threatshub.org\/blog\/tag\/cyber-attacks\/"},{"@type":"ListItem","position":3,"name":"Securing the IoT is a nightmare"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=33010"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33010\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/33011"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=33010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=33010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=33010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}