The IoT revolution: A new type of fraud

The IoT revolution: A new type of fraud

According to a recent report from Gartner, there will be 30 billion smart devices connected to the internet by 2020. Meanwhile CEO of Cisco, John Chambers believes that this figure could reach 50 billion, opening up the way for a new $19 trillion Internet of Things (IoT) industry. Inevitably, as the IoT revolution is set to take off questions are being asked about the security of connected smart devices.

A 2014 study by cyber-security firm ProofPoint found large scale spam attacks were being undertaken by connected smart devices, including home-networking routers, televisions and even refrigerators. In the report PFPT discovered that of 750,000 spam messages, 25% were being sent out by IoT devices.

With many people now enjoying the use of smartphone applications or smart infrastructure systems to operate things such as their home and car security, central heating and lighting and home entertainment systems, these same people are at risk of being victims of fraud.

As Michael Osterman, Principal Analyst at Osterman Research, explains, “The Internet of Things holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cyber criminals who can use our homes’ routers, televisions, refrigerators and other internet-connected devices to launch large and distributed attacks.”

Most smart applications and systems store data about the individuals who are using the devices and this wealth of data is a gold mine for fraudsters. The data that is stored can include information such as name and address, locations, daily routines and financial information. These apps are at risk of disruption from outside sources; including fraudsters using malware (malicious software) that enables them to steal data, sometimes even without the consumer knowing.

The scale of the problem is highlighted by ProofPoint’s David Knight who states, “Many of these devices are poorly protected at best, and consumers have virtually no way to detect or fix infections when they do occur.”

Once cyber-criminals have access to this data, they are able to use it to their advantage. That could mean using customer bank details to make fraudulent purchases, as happened in May 2015 when Starbucks customers in America discovered that hundreds of dollars had been stolen from their bank accounts after fraudsters hacked the company’s smartphone app and stole their data. But it could also result in a bigger crime than bank fraud—if thieves gain access to the location-mapping data of smart devices then they are able to know where consumers are or more importantly, where they are not. This vulnerability makes it easier for fraudsters and criminal gangs to target and steal unattended property.

The risks from flaws in IoT security also extend outside of the home, with many businesses the target of fraud. Apps used by businesses to engage with their customers via tablet or smart phone can provide personal information about customers including when and where orders are being delivered. These communication systems provide information about deliveries being made, what is in the delivery and its value, and where the deliveries are being sent and by which vehicle.

Both smartphone apps and the connected systems are vulnerable to interference from fraudsters, leaving businesses exposed to potential attacks that may be looking to damage or steal stock, interrupt services, gather customer information or steal from business premises or vehicles.

Defending against IoT fraud is an industry-wide problem, but with more organisations and consumers across the world adopting the use of IoT technology, steps need to be put in place that protect organisations and individuals from falling victim to this type of fraud. Revector has already developed its Fraud and Revenue Assurance Eco System and is currently developing and testing across Mobile networks in preparation for the expected attacks on IOT.

The security of connected devices and the safety of both consumers and their data are paramount if the IoT revolution is to be more than just a fleeting trend.

Editorial credit: Boyloso /

The IoT revolution: A new type of fraud