PUNE: Following the virus alert on IoT (Internet of Things) devices issued by CERT Indian Computer Emergency Response Team (CERT-In), cyber experts said that as IoT devices can be vulnerable there is need to increase safety of such devices. Experts said that as multiple IoT devices can be connected to a common network there is a risk of infestation of the virus on all systems at one stretch through a common network.
In its alert, CERT-In said the virus ‘Silex’, which is targeting IoT devices is spreading.
“The malware is capable of trashing an IoT device’s storage, dropping firewall rules, removing network configuration and then halting the device. The attacker gains access to the targeted device using default credentials of the targeted devices,” stated the CERT alert.
Highlighting the need for an increased defence to protect IoT devices, cyber expert Pankaj Ghode, Co-Founder and CEO of Agri10x said there is need of good encryption technologies to keep IoT devices safe.
“Although IoT devices do not store data there is less risk. But as such devices are connected to one personally there is a need for securing such devices. Imagine the damage which can be done if someone gains access to your CCTV cameras. Similarly, there is also need to keep your network safe,” added Ghode.
On the issue of vulnerability of IoT devices, cyber expert Anil Raj of Cybervault Security Solutions Private Limited said the number of IoT devices continues to rise and so is the security threat for such devices.
“We have home appliances, vehicles all connected to IoT and so the threats should be taken on a serious note. Another reason why IoT vulnerability is risky is in many cases there is a single point control for multiple IoT devices and so the risk increases,” added Raj.
Speaking on ways to increase the IoT device safety, Raj said safety techniques remain the same as of network and device level safety.
“We need good firewall techniques and also mechanisms to keep our network safe from threats,” said Raj.
SOME SAFETY TIPS BY CERT-IN
Restrict Web Management Interface access of IoT devices to authorised users only and change default username/passwords.
If a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it to operate on a home network with a secured Wi-Fi.
Control access to the devices with Access List.
