The IoT (Internet of Things), once a buzzword for marketing is now the intelligence in action. Seeping its roots into Artificial Intelligence and Big Data Analytics, major companies like Intel, Verizon, Telenor has now keen interest in pursuing IoT.
So, what is Internet of Things? At its core, IoT is a concept of connecting our personal devices into a single cohesive network. In simple words, it works on the basis of “Anything that can connect to internet, will connect to the internet.”
How does it affect us? Suppose your presence is expected at a meeting at 10 a.m. and your alarm wakes up you at 7 a.m. and notify your coffee maker machine to brew some coffee for you and set thermostat in your shower according to the temperature? What if your car finds itself a best possible traffic route with low traffic or message people at meeting if you are going to run late for office because of heavy traffic? There are endless options IoT-connected device affects our life. A study conducted by the U.K. Government Office for Science suggested that the sheer number of IoT devices could be between 20 to 100 billion. As the IoT connected devices phenomenon rapidly gains traction, security should be the major concern in mind.
Possible security threats
While people are rapidly integrating the concept of IoT-connected devices in their life, recent studies shows that security is not in their priority list, leaving open doors for security risks.
The communication between the embedded IoT-connected device and the application is based on the Cloud. The application has full access into the IoT-device that is being used. For example, a thermostat could reveal the temperature level of a household when people are at home or not. This information if in wrong hands makes it an ideal target for criminals.
Bitdefender, a leading company for security products, raised its concern strongly. Bitdefender Labs, later issued a blog post titled “Hackers Can Use Smart Sockets to Shut Down Critical System” describing the threat with a set of example showcasing the eminent threat to IoT-connected devices.
In the blog post emphasizing the security risks connected with IoT, Alexandru Balan, Chief Security Researcher at Bitdefender says “Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet and bypass the limitations of the network address translation. This is a serious vulnerability; we could see botnets made up of these power outlets.”
“One of the most destructive actions an attacker can take is to rip off the existing software and plant malicious software in its place,” says George Cabau, anti-malware researcher at Bitdefender. “For users, the consequences can extend to losing control of all their network-connected devices as they become weapons of attack in a cyber-criminal network, as well as to exposing their email accounts and their contents.”
As IoT-connected devices are a backdoor to personal information. There’s been a lot of debate over the security of the devices and the hack of personal information. It shouldn’t be a surprise to many, that hackers will find means to monetize from hacking IoT devices one way or another.
Current State of IoT
Today, we are entering the era of IoT-connected devices. And there is an uphill struggle ahead for the IoT-connected device to fully integrate into our environment. It still requires substantial engineering in its infrastructure to overcome many constraints associated with it.
As these embedded devices are closely linked with machine language. These devices tend to have little interaction with a human. These devices are expected to behave autonomously and make their own decisions and judgement on whether to command or execute a task on their own.
A recent case study co-conducted by Ruhr-University Bochum in Germany and EURECOM in France showed that IoT-connected device firmware is susceptible to security flaws. Researchers studied vulnerabilities in the web interfaces of IoT devices firmware and they found 9000 vulnerabilities in more than one-third of the vendors analyzed.
Security Measures
To actuate the risks involved, and how corporations and individual can protect themselves from those risks, TechRepublic conducted an intensive roundtable discussion with security experts. While discussing the security threats, questions asked were, how are they a threat? which IoT devices are a threat and what can companies and public do to protect themselves. The debate was extensive but few responses are more important to mention:
Opinion of Reiner Kappenberger, global product manager, HPE Security—data security at Hewlett Packard Enterprise.
“Any connected device or application provides an attack vector for adversaries to potentially capitalize. According to a HPE Internet of Things Research Study, 60% of IoT devices tested raised security concerns with their user interfaces.”
“Businesses should apply a virtual private network (VPN) end-to-end encryption, data-centric security approach throughout the IoT infrastructure. Organizations should encrypt not only the communications, but also commands and values, on a field level, going from the device to the infrastructure and remote control element. This removes risk (even if an attacker is able to impersonate the infrastructure) and enables maximum protection against remote takeover of an IoT device—the biggest threat to IoT security.”
Opinion of Lorie Wigle, general manager of IoT security solutions, Intel Security:
“For businesses, the key to mitigating risks when employees connect for work outside of the workplace is to enforce secure Wi-Fi connections, strong passwords, use of end-to-end encryption of VPN”
She further discussed security measures that should be conducted to prevent such risks:
- Make sure security software is installed, up-to-date, and active on any devices that are connected to your company network or being used to access company data.
- Keep your devices locked and secured when not in use, and require PINs, passwords, or biometric security to unlock internet-enabled devices.
- When working in public locations, use a privacy or blackout screen on phones and laptops to prevent prying eyes.
- Always use encrypted, password-enabled Wi-Fi and connect via VPN.
- Turn off Bluetooth and only enable it when, and if, you need it to avoid unwanted connections from other devices.
- Only download apps from official app stores, and be sure to read and understand the security settings.
- Remember that any device connected to your home Wi-Fi network can introduce a vulnerability. Select IoT and smart home devices that implement good security and keep them up-to-date with vendor-provided patches. Use strong passwords on these devices also.
Since IoT is still new technology in the process towards public at large. The impact of exploits on the end-user is much higher and most of the people ignore the security as an option.
There are several steps that should happen to mitigate the security risks and change the mindset of people:
Spread Awareness:
Many people and companies don’t know the technicalities of security associated with devices. Companies and key decision-maker must understand the security associated with IoT-connected devices and should be implemented from the initial stage rather than considering it as an option.
Accessibility:
The security feature and application should be accessible and easy-to-use to the end-user so that non-experts can handle security from the initial stage.
Consult Experts:
There are many security providers available in the market. But very few are experts in the field of security. Companies and individuals should use the proven and reliable tools during the design and implementation stage.
Use Encryption:
Encryption is seen as a complex thing but it is more useful in increasing the security of your devices. Encrypting your internet network through services like VPN is one of the best way to make it difficult for the attackers to pin-point your location, decrypt your information and passwords.
In general, vendors and software developers should make sure while developing the device and the application to incorporate security at each layer of design and functionality to make it difficult to hack. IoT devices bring great future promises but it has its own inherent shortcomings, which we can overcome through awareness and proper guidance and make security our line of defense.
[su_box title=”About Rebecca James” style=”noise” box_color=”#336588″][short_info id=’88897′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.