You must be relaxing on the poolside chair in a resort in Bali, completely relaxed since your home has a Wi-Fi enabled Smart lock. Suddenly, your neighbours call and inform you that thieves have robbed your house. Still feeling relaxed?
The Wi-Fi enabled smart lock is an example of IoT devices. IoT or Internet of Things are the devices be it a vehicle, physical device or a home appliance, anything that can be operated through internet. Some examples of IoT devices are Tablets, Smartphones, Car, Smart Watches etc.
Since these devices operate entirely through internet, therefore they are as vulnerable to getting hacked as is a personal computer. Due to this, an IoT device needs to be cyber-secure. The process to secure IoT devices is known as IoT security. Today, the number of IoT devices available, are three times the human population and according to an estimate, the number of IoT devices will cross 50 billion by the year 2020.
Why do we need to concern ourselves over the security of IoT devices?
The major concern is the lack of require security for such devices. This concern is backed by many incidents that have happened in the past:
1. A casino was hacked because the attacker hacked the Internet-Connected Fish Tank Thermometer.
2. A jeep was hacked and was remotely killed on the highway by attackers.
3. The Mirai Botnet — The largest DDoS attack ever was launched on a service provider Dyn, using an IoT botnet that resulted in a loss of $323K.
4. Half a million pacemakers were recalled by FBI over the fear of hacking.
It is very important to ensure the security of IoT devices, be it a smartphone or a medical device, everything that is hackable; and the large number of devices make it difficult to secure them all.
On an average there are around 25 vulnerabilities in an IoT device that indicates the possibilities for more attacks. To make sure that the IoT device is secure, a number of changes need to be brought in the IoT devices.
Security must be the top most priority while designing the IoT device which is not usually the case since IoT products are generally sold with old and unpatched embedded operating systems or software.
Users of these devices often forget to change the default passwords set on these devices or they fail to set strong passwords. In order to enhance security, an IoT device should be segmented in its own network and have restricted network access. The network segment should then be monitored to identify possible anomalous traffic and strict action should be taken in case there is a problem.
What are the factors that affect the security of IoT devices?
Factors affecting the security of IoT devices include –
• Insecure Web and Cloud Interface, Network services, Mobile Interface, Software or firmware
• Insufficient Authentication or Authorization, security configuration
• Lack of Transport Encryption or Integrity Verification
• Poor Physical Security
Which attack vectors affect the security of IoT devices?
The attacks that are quite commonly used are Botnets, MITM, Cryptanalysis Attack, DDoS, Physical Attacks such as Micro Probing Reverse Engineering, Replication Attack etc.
How can we secure these IoT devices?
You can refer to the checklist to ensure that your IoT devices are secure:
• By using protocols like MQTT over SSL
• Authenticating the data transmission
• Make sure to change the default SSH keys regularly
• Devices should not have Open Inbound Ports
• Using End-to-End Encryption
• Token-Based Access Control
• Monitoring Device Status
• User-Friendly Setup and upgrades on regular basis