Internet of Things (IoT) devices differ from computers, in that their main function isn’t to compute. However, it stands that computation is a means to an end for these devices. This ability has revealed that IoT devices are able to be exploited through vulnerabilities analogous to that of computer systems. George Santayana famously said “Those who cannot remember the past are condemned to repeat it.” It has been over 45 years since the first known instance of a computer worm was written. Yet in the fall of 2016, the Mirai worm spread between IoT devices by exploiting a vulnerability known since the early 1960’s. Are we condemned to repeat the cybersecurity mistakes of the past?
Security of IoT devices is often forerunner of design and features/capabilities for many developers. Nevertheless, with the popularity and maturity of IoT devices rising steadily, and so much at stake, it is important to be proactive when securing this space. By reviewing the history of malware, defenses deployed to thwart it, and malware’s evolution to defeat these defenses on earlier platforms, we will be able to discuss what can be done to prevent repeating these mistakes with IoT. We will also present best practices that can be utilized to strengthen security against recent IoT attacks.