Are IoT Devices the New Trojan Horse in Tech?
April 17, 2019

Dirk Paessler
Paessler AG

Share this

The Trojan Horse is one of literature's most famous "Gotcha!" moments. Following 10 years of war, the Greeks constructed an enormous wooden horse and delivered it to the gate of their long-standing enemy as a sign of surrender.


The horse appeared as a trophy to acknowledge Troy's victory over Greece. Enamored by the great horse, and proud of their successful siege, Troy accepted the large structure through their gates. In the night, Greek soldiers snuck out from inside the horse and sacked Troy from within its own city walls.

People and businesses today make similar mistakes to Troy's army when they get too enamored by the latest, flashiest technology. These modern Trojan Horses work through their ability to "wow" us.

Trojans in the form of malware are still widespread, but most Internet users know how to identify them as well as how to avoid their threats. The same can't be said about IoT devices. According to TechRepublic, IoT attacks were up 600% from 2016 to 2017. They are the Trojan horses of our time.

Cybercriminals find IoT devices an easy target because they are the cool new technology on the block. Often, business owners purchase cheap IoT devices without understanding — or, for that matter, caring — if the device is secure against attacks.

Why Some IoT Devices Aren't Secure to Begin With

1. The basic design process isn't secure

Most of us don't buy smart lights because they're inherently more useful than standard lamps. We buy them because we think they're cool. We're like fish staring at any glittery object.

IoT perpetuates feelings of futuristic innovation. Who doesn't love feeling like they're from Jetsons?

That's why IoT devices are built and that's why we, as consumers, continue to buy them.

Industry IoT is better, but even we are still suckers for novelty. Paying for a better, safer IoT solution doesn't always register to us as a priority. In other words, we're in it for the novelty more than security, so that's what retailers are selling us.

2. Money, money, money

Novelty is cheaper to manufacture than security.

When shiny new technology hits the market, more people want it than can actually afford it. As time goes on, said technology becomes cheaper through competition and learned shortcuts in the manufacturing process. As the price drops, more people begin to buy.

One of those price-dropping shortcuts in IoT is minimal security.

IoT sensor prices have been dropping. According to The Atlas, they may cost as little as $.38 by next year (2020). Even industrial IoT (IIoT) manufacturers are in a fierce race to lower prices and gain market share.

This trend probably won't change until purchasing slows and consumers demand better security from IoT manufacturers. Until then, we'll pay less but we'll also be less secure.

3. Consumer don't care … yet

By the time Troy's army stopped to realize they'd let the enemy through their gate, the fight was over. Fortunately, it's not all doom and gloom for IoT users. Consumers will come around eventually and the market will change.

In the same way that we no longer stand for those internet pop-ups from the mid-2000s, we'll eventually put more care in the level of security that goes into our IoT devices as well. Our buying power will force the industry to become more secure.

Staying Secure

IoT devices can't yet be fully monitored. There's still an underlying uncertainty that remains. Traditional corporate security measure — like firewalls — don't work for protecting IoT.

A localized IT team has limited control because they cannot operate beyond their closed systems. But there are still options. Here are some ways to enjoy more comfort and peace of mind about your current IoT devices:

1. Prioritize specific data

The devices themselves don't need protection. It's the data inside them you want secure. So, back them up. Protect your most important data — the data used in apps and stored on your device — by creating a separate container.

Many companies first turn to storing this important data in the cloud. Be aware: cloud storage through a mobile IoT device may make the device ID accessible to hackers. If the cloud-based device gets deactivated, it can no longer report attacks.

2. Limit user access

The fact that IoT devices are predominantly mobile poses a challenge for averting hackers and dangerous applications. A common solution is to find a secure place to store the device ID.

From the selected secure location, managers can use login credentials (like a PIN) to determine who has access to communicate with the device. By requiring special credentials to access data from your IoT device, you can increase security by limiting who does and does not have access.

3. Be aware of radiation effects from traffic

Even the most sophisticated monitoring systems won't always directly detect whether or not a device is under attack by hackers or dangerous apps.  

However, because an IoT device tends to become part of a network, it can identify hacks and viruses through radiation effects. The network distributor enables a monitoring tool to recognize unusually high amounts of data traffic on a specific port, as well as unusual traffic patterns within the network. These situations should send a warning to the sysadmin, protecting your device from trusting hackers — in the form of a modern Trojan Horse — as they try to sneak through your digital gate.

IoT security is still a new field. The level of care in the market will hopefully grow quickly, which will lead to demand for a higher standard of security in IoT devices. Until then, take extra precautions to ensure your data is secure.

Share this

The Latest

July 16, 2020
eCommerce companies have entered into the domain of mobile applications given the huge number of customers using such apps on their smartphones on the go. However, these apps are vulnerable to both performance and security issues. Performance-wise, the apps may slow down while loading or transacting, give erroneous counts, become non-responsive across devices, and many more. So, the need of the hour for enterprises developing such applications is to invest in eCommerce performance testing ...
July 15, 2020

Digital Experience Monitoring is a tool that should be integrated with an organization's change management strategy. A key benefit of SaaS/cloud is no longer being responsible for software and hardware upgrades, maintenance, and patch cycles. Migrating to Microsoft Office 365 means no longer spending precious time and resources on Windows, Exchange or SharePoint upgrades for example. But that doesn't mean that IT can ignore changes or doesn't need to monitor for their effects ...

July 14, 2020

As systems become more complex and IT loses direct control of infrastructure (hello cloud), it becomes both more difficult and more important to capture and observe, holistically, the user experience. SaaS or cloud apps like Salesforce, Microsoft Office 365, and Workday have become mission-critical to most businesses and therefore need to be examined when it comes to experience monitoring ...

July 13, 2020

Newly distributed operations teams are struggling to cope with the sudden change to the WFH (work from home) concept. IT operations teams were traditionally set up to work from centralized locations, unlike software and engineering teams. Some organizations have overcome that by implementing AIOps solutions; others are using a brute force method of employing more IT operations analysts to keep the distributed NOCs going ...

July 09, 2020

Enterprises that halted their cloud migration journey during the current global pandemic are two and a half times more likely than those that continued their move to the cloud to have experienced IT outages that negatively impacted their SLAs, according to Virtana's latest survey report The Current State of Hybrid Cloud and IT ...