Debunking 10 common misconceptions about IoT devices – CyberTalk

By Antoinette Hodes, a Check Point Global Solutions Architect and an Evangelist with the Check Point Office of the CTO.

This article aims to provide a comprehensive overview of the most common misconceptions surrounding IoT (Internet of Things) devices. As the adoption of IoT devices continues to grow, it is crucial to address these misconceptions and provide accurate information to users and businesses alike. This will lead to better adoption and utilization, and foster a more informed and secure IoT ecosystem.

Debunking 10 common misconceptions about IoT devices – CyberTalkIoT devices are not a valuable target for hackers (read: criminals)

This is false. IoT devices often collect personal and sensitive data, making them attractive to hackers. Topics like user consent and data privacy should be addressed. IoT data is the “new gold” and it is important to anonymize data and incorporate data privacy-by-design principles.

IoT devices don’t collect or hold sensitive information

Many IoT devices collect and transmit personal or sensitive data, which can be No sensitive datacompromised. Although devices will not store it, security controls like data encryption are often needed. There 3 types of data: data at rest, data in transit and data in use. Data in use the most vulnerable and often easy to compromise.

No security posture riskIoT devices do not pose a risk to the overall network security

Often, there is an assumption that IoT devices are isolated from the network: IoT devices can act as entry points to the broader network, a potential starting point of starting the Cyber Kill Chain. We also see lateral movement and propagation attacks.

Manufacturers always prioritize security when developing IoT devices

IoT device manufacturers are already under high levels of pressure in a very competitive Secure by designmarket. They must balance cost against device functionality, while remaining attractive and differentiating their products. So, in general, security is often overlooked in favor of functionality and cost-cutting measures. IoT devices are often not “Secure by Design” or “Secure by Default”.

Physical access to an IoT device is required to compromise its security

Physical access ensures securityIn many cases, IoT devices are remotely exploited and compromised. Connected devices provide access, enabling attackers to exploit vulnerabilities or extract sensitive data from the IoT devices. Or devices can be utilized for network based attacks, like Man-in-the-Middle (MitM) attacks. This can lead to disruption or unauthorized control.

IoT devices are only a threat on the internet

IoT devices connected to a local network can still be compromised and pose a threat. They can be used as jump host, infiltrate or scan the network, lateral movement and propagation attacks.

IoT devices are immune to malware

IoT devices are immune to malwareThere is a general assumption that IoT devices are immune to malware due to limited hardware. Nonetheless, malware can infect IoT devices, allowing hackers to gain control or use them as part of a botnet. IoT devices are often connected to the internet and can potentially be accessed by attackers. IoT devices are often used in critical infrastructure, like power grids and hospitals. This makes them very attractive targets through which to cause a massive and widespread impact.

IoT device security is a one-time setup Set & forget

Either the device should be hardened from within, making it zero-day proof or security measures like ongoing monitoring, updates, and patching are needed. IoT device security is not a “set and forget” kind of thing. As the technology evolves, new security threats evolve along with it. IoT devices that are not attended to, from a security standpoint, can quickly become outdated and vulnerable.

Consumers are not responsible for securing their IoT devices; it’s the manufacturer’s job

Manufacturers bear the responsibility of prioritizing security during the design and development stages. Through the implementation of robust security measures, they can effectively shield consumers from potential attacks and breaches. However, consumers also have a role to play in ensuring device security. By actively pursuing measures such as changing default passwords, using strong passwords, and keeping devices updated, consumers can actively contribute to safeguarding their data and preventing cyber attacks. Ultimately, the security of IoT devices is a shared responsibility between manufacturers and consumers. Informed and educated consumers who prioritize security will assess the security level of the device they intend to use, opting exclusively for trusted reputable vendors.

Home IoT devices are not targets

It is often believed that cyber attacks solely target specific individuals or organizations. Home devices are no longer targetsHowever, a significant number of cyber attacks are classified as “spray attacks.” In these cases, random victims with lower levels of security become the primary targets.

Furthermore, attackers frequently focus on home IoT devices, aiming to either obtain personal data or exploit their vulnerabilities for more significant attacks. Unfortunately, many of these devices lack proper security measures, making them easy to compromise. Once compromised, these assets are often utilized as “zombies” in a botnet, potentially participating in activities like DDoS attacks.

In conclusion, debunking these misconceptions helps in understanding the true nature of IoT devices and the need for robust security measures to ensure their safe and effective utilization. Ultimately, the security of IoT devices is a shared responsibility between manufacturers and consumers.

Related resources

  • The green revolution | How IoT is driving sustainability – Learn more
  • Friction to integration | How blockchain can streamline manufacturing processesDetails
  • IoT solutions for enterprise, industrial and healthcare groups – Get product information here

Award shines a spotlight on local science journalism

Award shines a spotlight on local science journalism

Local reporting is a critical tool in the battle against disinformation and misinformation. It can also provide valuable data about everything from environmental damage derived from questionable agribusiness practices to the long-term effects of logging on communities. 

Reporting like this requires more than just journalistic chops. It needs a network that can share these important stories, access to readers, and financial support. That’s why organizations like the Knight Science Journalism Program at MIT and its Victor K. McElheny Award are important. 

Founded in 2018 with a gift from Knight Science Journalism (KSJ) Program founding director Victor McElheny and his wife, Ruth McElheny, the KSJ Victor K. McElheny Award rewards local science journalists for their pioneering work and their stories’ impacts. 

“The prize can help illustrate a continuing contribution to the maximum level of public understanding of what technology and science are achieving, and what these achievements imply for humanity,” McElheny says.

The award comes with a $10,000 prize.

“Local science journalism has value, in part, because consolidation in this sector has meant fewer journalists and a shrinking pool of resources with which to do this important work,” notes editor Cathy Clabby, a Knight Science Journalism Fellowship Program alumna (2008). Clabby was part of the team at The Charlotte Observer and The Raleigh News and Observer that earned the McElheny Award in 2023 for its poultry farm investigation

“The award demonstrated a commitment to high journalistic standards,” Clabby says.

These journalistic standards and the accompanying national recognition for awardees can lend further legitimacy to long-form science journalism. 

Features and outcomes

Additionally, while some news outlets are starved of the resources necessary to produce deeply-researched, high-quality stories, receiving the McElheny Award can help raise the visibility of small and nonprofit newsrooms, which can help with circulation, operating expenses, and fundraising.

“The award has a very real value to our audience, especially as we develop our digital subscriber model,” notes journalist Tony Bartelme, one of several Charleston Post and Courier reporters whose feature on the Gulf Stream won the inaugural award in 2019. “If readers see this kind of national recognition, they’re more likely to see the value of subscribing.”

“The financial element of the award is certainly a delightful surprise, particularly for a team project like this with a small budget,” says journalist Aaron Scott, whose team at Oregon Public Broadcasting won for its Timber Wars podcast series in 2021. “It filled me with joy getting to tell my colleagues they’d be getting bonus checks in the mail.”

Deborah Blum  the Pulitzer Prize-winning director of the Knight Science Journalism Program and founder of Undark Magazine  argues that local and regional journalists play a central role in promoting science literacy and critical thinking skills among their readers. Blum describes an information ecosystem worthy of preservation, with local science journalism acting as a fundamental building block of public consciousness and shared understanding. 

“Science stories told by reporters in the home community, known and trusted by their neighbors, have a special ability to reach readers and listeners,” Blum says.

Value, vision, and recognition

Storytelling has value beyond views, clicks, and shares, according to McElheny Award winners. 

“An informed electorate helps ensure a functional and accountable government,” Clabby asserts.

Journalists point to the skills necessary to produce thoughtful, reasoned stories that can impact readers, communities, and other journalists as valuable assets for creating powerful pieces.

“Science journalism is hard to do because it takes time to wade through it all and understand the science with enough depth to tell the story properly,” Bartelme says. “But, what’s more important than a planet on fire?”

Further, recognition from their peers can serve as validation for what can sometimes become months of research and reporting to produce such important stories.

“Recognition [as evidenced by] the Victor K. McElheny Award is deeply rewarding,” Scott believes, “because it means some of our most accomplished and thoughtful peers are listening to, reading, and thinking deeply about a story we’ve invested so much in telling.”

Outcomes and impacts

The Victor K. McElheny Award for Local Science Journalism confers national recognition on journalists performing a critical function in producing an informed electorate. Local science journalism can have lasting impacts on readers, apprise audiences of advances and challenges related to science and technology, and help secure funding for current and future efforts.

“Fact-based journalism has value for audiences,” Clabby says.

Scott, noting the value of balanced science reporting, described science journalism as “both more important, and more under threat by politicization, than ever before.”

“The McElheny Award is really the only award that celebrates science stories that reach this important audience,” Bartelme concludes. “Local journalists have a special and often more intimate relationship with readers than national organizations.”