Closing The Gaps In IoT Devices’ Security Is Not An Easy Job

by Sam
Closing The Gaps In IoT Devices’ Security Is Not An Easy Job

Security of the Internet of Things (IoT) is key given the potential damage hackers can create by hijacking huge numbers of networked objects and making zombie botnets. Then again, awareness of enterprise IoT security is not good. As a matter of fact, IoT products from a lot of companies have poor security protocols and measures.

Security challenges and threats IoT devices face – what to know about it?

The Security Research Cyber Risk report of HP for 2015 revealed that 27 percent of IoT control systems were either compromised or infected, more than 80{9c05f240892550a00e7365e64f9ef320b3da4fb0226928700604c09919d68859} of these devices have very simple passwords, and the same amount of these devices retain the same hardware debug interfaces.

Also, more than 70{9c05f240892550a00e7365e64f9ef320b3da4fb0226928700604c09919d68859} of the devices’ communication isn’t encrypted, and almost 90{9c05f240892550a00e7365e64f9ef320b3da4fb0226928700604c09919d68859} have unverified firmware updates, or ones not signed in.

A considerably large number of IoT communications protocols also lack proper security mechanisms and this is an alarming sign.

What does it indicate? The reality is that this levity allowed a successive spate of attacks that targeted and also originated from Machine Learning and IoT devices within the past few years. This also included an internet outage across a large part of the United States west coast, a simulated attack on a Tesla Model S, and a power outage near Kiev in Ukraine.

How bad was the October 2016 internet outage in the United States?

On October 21, 2016, there was a large-scale internet outage in the United States which was among the worst ones ever. It was basically the worst kind of Distributed Denial of Service (DDoS) attack in America’s history where the internet was down for a long period, and it affected the entire eastern coast.

Where did the attack originate from? Tens of millions of IP addresses were the origins and were from mostly IoT devices like IP cameras, routers, DVRs, and Linux servers that were affect by the Mirai virus.

Another problem is that these devices were vulnerable to becoming bots for a DDoS attack as they were using standard and fixed hardcoded passwords plus other insecure modus operandi.

What major challenges face the security mechanisms of IoT devices?

Two major security challenges faced by the security of IoT devices are complex deployment environments and complex network structures. This contains access issues and data processing for immense numbers of devices, complicated network structures, a large number of communication protocols plus differing security requirements across various industries.

The second problem is limit resources for computing and networking. IoT sensors and some gateways have tight constraints in cost and power consumption along with limited computing power and storage features. The outcome is difficulty in running complicated security protocols on these devices.

Security experts from a DDoS protection service provider in Toronto explain that network bandwidth becomes limited and is reduced to kbps.

Architecture security of these devices is a cause of concern

Security requirements of IoT devices, technology, networks, clouds, platforms, applications, and privacy compliances are higher than what they are for typical networks. The key to IoT security is in the creation of device security and protection capabilities.

IoT devices can be roughly divide into two categories based on their features, weak and strong devices. Each has a different kind of demand and security threat category.

Weak IoT devices

Weak IoT devices have weak computing power, limited memory resources, and are sensitive to cost and power consumption. Password usage is either weak or negligible, they are easily counterfeit able and have little to no upgradable features. They are also vulnerable to theft.

In terms of security requirements, they should be able to meet some basic needs which consider computing power and expenses, like DTLS, remote upgrades, and password management. Their usual applications are water and gas meters, car parking, logistics, tracking devices, wearables, and agricultural devices.

Strong IoT devices

Strong Artificial Intelligence and IoT devices have robust computing power with embedded operating systems. This provides hackers multiple ways of attacking them and cyber attacks on these devices have had more impact than other devices.

The typical threats they face are illegal device startups (someone starting up devices from a remote location), and illegal upgrades coming from the wrong resources. In business, Apart from plaintext storage and virus attacks, defects in the system pave the way for these devices to attack.

In terms of security requirements, both basic and enhanced security requirements should fulfilled such as secure device startup, PKI, TPM/TEE, virus protection, and system hardening. These types of IoT devices are usually deploy as IoV, Cameras, IoT gateways, and interactive devices which are handheld.

related posts