When everyone in the house are sleeping thinking that their door is locked, a hacker ends up taking away all of their money by breaking the Wi-Fi enabled Smart Lock.
Hello everyone, welcome back to our new blog.
Well, by reading the above example you’ve guessed it right — Today we’re going to talk about IoT Security.
But before we start with IoT Security, let’s first understand what does IoT mean.
IoT or Internet of Things is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect and exchange data, creating opportunities for more direct integration of the physical world into computer-based systems, resulting in efficiency improvements, economic benefits and reduced human exertions. Today, most of the time, we live under the shadow of IoT devices which includes Desktops, Laptops, Smartphones, Tablets, ACs, Car, Remotes, Smart Watches and various sensors.
Now as we know what is IoT, let’s see what IoT Security is –
IoT Security means securing and safeguarding all the device which are connected to each other and the IoT Network.
If we multiply the human population by 3 times, that’s how many IoT devices are present now, and the number of device are expected to cross 50 Billion by 2020. As you can see that the number is quite high and worst thing is most of them are not secure and can be easily hacked.
1. Casino Hacked — Through Its Internet-Connected Fish Tank Thermometer
2. The Mirai Botnet — The largest DDoS attack ever was launched on service provider Dyn using an IoT botnet end up costing $323K
3. Pacemakers Hacked — FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears
4. The Jeep Hack — Hackers remotely kill a jeep on the highway
Above are some of the examples of IoT hacks, and just by reading these you can guess that everything around you is on high stake of vulnerability and can be easily hacked.
From Room lights to Medical Devices all of the things are hackable, and the large number of devices make it difficult to secure them all.
To be honest, IoT devices doesn’t have so much security and an IoT device averages 25 vulnerabilities, indicating expanding attack surface for adversaries. Number of changes has to be brought in the IoT security field, and a lot of implementation should be done in order to make the IoT devices secure enough for the everyday use.
The main issue with the IoT security is that — in between the idea of networking appliances and other objects, security has not always been considered in product design.
IoT products are often sold with old and unpatched embedded operating systems and software.
Furthermore, purchasers often fail to change the default passwords on smart devices — or if they do change them, fail to select sufficiently strong passwords. To improve security, an IoT device that needs to be directly accessible over the Internet, should be segmented into its own network and have network access restricted. The network segment should then be monitored to identify potential anomalous traffic, and action should be taken if there is a problem.
Factors that affect the security of IoT environment includes -
· Insecure Web Interface
· Insufficient Authentication/Authorization
· Insecure Network Services
· Lack of Transport Encryption/Integrity Verification
· Insecure Cloud Interface
· Insecure Mobile Interface
· Insufficient Security Configuration
· Insecure Software/Firmware
· Poor Physical Security
The attacks which are quite commonly used includes:
· Botnets
· MITM
· Cryptanalysis Attack
· DDoS
· Physical Attacks, like — Micro Probing Reverse Engineering
· Replication Attack
Here’s a checklist that can help you in order to make your IoT devices secure:
· Use protocols like MQTT over SSL
· Authenticate the data transmission
· Always change the default SSH keys
· Devices Must Not Have Open Inbound Ports
· Use End-to-End Encryption
· Token-Based Access Control
· Device Status Monitoring
· User-Friendly Setup and regular upgrades
