Modern Security Challenges For The Internet Of Things



In early July of 2015 hackers remotely turned off a speeding car on a busy highway via the internal network connections. No, this wasn’t a joke, but it wasn’t real either. It was a controlled experiment to see how easily an Internet connected device, the car, could be hacked. Apparently it was pretty easy, and the results were scary to say the least. 

There appears to be a fundamental issue regarding the explosive rise in Internet connected devices and basic security and safety. We lock our doors, code our phones, vault our money, yet why do we allow significant flaws pervade in the vast majority of digital devices with network connections? 

Let’s back up a moment. To give a better description of the IoT security challenges we need to understand what IoT is and how it is used in modern culture. If IoT was segregated to only military applications security challenges would be minor. Yet, for some reason, because there are consumer applications, security challenges are abundantly easy to spot.

 

What Is IoT?

In 1996 Kevin Ashton coined the phrase “Internet of Things” or “IoT. Ashton pioneered the creation of the global standard RFID system that is used everywhere. He discussed that IoT described the way everything in a culture, everything, could have this “interconnectivity” with a digital information system. This “interconnectivity” was the IoT. This basically sums up what IoT is from its earliest vision. Little has changed since then. 

IoT is simply the application of a network connection to certain functionalities of an electronic device. Another name that many of these applications have is “smart device”. For example, certain thermostats can connect to your home Internet. Via your smartphone app, you can connect to your thermostat anywhere in the world and change the settings on your thermostat, making it hotter, cooler, turning it off or on, or any number of alterations to the settings.

It is easy to start to see how there are so many security challenges with internet-connected devices. If you can access a single IoT device, then you could access a network and possibly all of the other IoT devices connected to that network.

How Is IoT Being Used?

Quickly look around the room that you are in and count all of the electronic devices that you see. They don’t have to be digital, just electronic. With the introduction of cheap and power-frugal processors, putting a Wi-Fi enabled chip in any electric circuit became child’s play. 

The benefits of IoT are almost unreal. From communication to control, space and time would be immediately digitally accessible from anywhere in the world. Here is a quick rundown of all of the home IoT accessories on the market right now: light bulbs, door locks, door bells, security cameras, TVs, thermostats, radios, smart speakers, showers, toilets, sprinklers, refrigerators, microwaves, rice and pressure cookers, meat thermometers, cars, alarm systems, vacuums, lawn mowers, and automatic pet feeders. This doesn’t even count the products available for industry or military use.

Consumers use IoT devices as extensions of their senses. Each device better connects them with the living experience and the comfort and safety of their home. This is important because there is an instant acceptance of the technology before it has been fully vetted by society and the tech industry. Instead, consumers see it, want it; buy it; install it; and use it without ever thinking about possible IoT security challenges.

Why Is There An IoT Security Threat?

There is an IoT security threat because consumers don’t necessarily think that there is a threat to their home system. You use your computer or phone everyday to connect with the world around you. You browse social media, email, texts, and websites. There is a connection made by you to another individual or company each time you do one of these things. That is incredibly obvious. So, it makes sense that you shouldn’t click on spam. It makes sense that you should protect your phone and computer against malware. These devices have common sense security assumptions.

It is less intuitive that home IoT devices need security protection. They connect to the home network, which is often secure. Further, only you connect to the IoT device.  Because there is no outside party like in the above scenario it is easy to think that your safety isn’t really a concern. Internet of Things devices do not have common sense security assumptions.

 

What Are The Major IoT Security Vulnerabilities?

The vulnerabilities centered on IoT security are significant but are predictable in the sense they are common amongst any new technology that is rapidly being accepted and deployed in new and untested ways. Understandably so, if you run a home accessory business and have the chance of doubling your sales by putting a $10 chip in your device, you would be dumb not to do it. But that doesn’t mean you should.

  1. Critical Infrastructure
    IoT and other internet-connected devices are well beyond only the consumer’s use. Industries that run critical infrastructures throughout the world rely on IoT devices and embedded devices to help access controls from remote locations. This includes industries like the transportation sector, telecommunications, and the electrical grid. Any DDoS attack on any number of installations via an embedded device could cripple major sectors of a country’s infrastructure and power.
  2. Mass Production
    IoT devices, embedded devices, and any internet-connected device are not unique or special made devices. These devices are mass-produced for mass markets. What vulnerabilities exist for one device will be a vulnerability for all of the other models of that device. 
  3. Lax Security Assumptions
    To err is human, forgive divine.  Both consumers and computer engineers alike failed to take IoT security challenges seriously during much of the early development of the technology. Changing minds has not only been slow but costly.
  4. No Easy Patch
    Sure the device may be an internet-connected device, but that only means that it is capable of talking with the local network and allowing certain access via a smartphone app or browser application. What about firmware updates? Most devices will spend their entire life cycle running the same software that was installed at the factory. And how many times have you updated your computer or smartphone for the purpose of security patches? There doesn’t seem to be an easy way to update the firmware on most IoT devices.
  5. Long Life Cycle
    Technology tends to have a short shelf life before it becomes outdated. You can upgrade your computer and smartphone relatively easily. However, your IoT device has a significantly longer life cycle. This is because your IoT device usually only has one or a few functions. For example, your smart lock can lock and unlock the door. Your smart light bulk can turn on and turn off and maybe change color. As long as these devices continue to perform as needed there is no need to replace them.

    As technology improves so do the methods of hackers and their army of malicious code. If the hardware and software fails to upgrade or improve for the IoT devices then there is no added security and no extra protection gained from advances in tech security.
  6. Proprietary Protocols
    You can’t protect systems that you don’t have access to. Many highly sophisticated industry IoT devices run on industry-specific and proprietary protocols that aren’t generally available. This is a problem for computer engineers trying to develop firewalls to protect against an attack when they don’t know what the attack will be. Industry will need to partner with the tech field to ensure the safety and stability of proprietary IoT device protocols.
  7. Mobile Deployment
    Not all devices are being connected via a central home network. Like the very first example of the hacked car, many internet-connected devices are deployed outside the safety of the home firewall. Cybersecurity then is the real issue at heart. If you go on a road trip with a vulnerable IoT device you are opening yourself up to significant issues.

Best Practices For IoT Security

IoT device hardware and software firms must understand that IoT will continue to be used in more and more critical situations. They will be used more in hospitals, financial institutes, government buildings, consumers’ homes and cars, and confidential or secure industrial situations. The development firms must develop methods to protect against the above vulnerabilities. Here are a few examples of what they could be doing right now:

  • List Improve On Outdated Hardware And Software

    Moving forward aging devices with no updated firmware will dominate the market. This puts consumers and industry at risk and is at least a grave IoT security vulnerability.

  • Improve On Weak And Default Credentials

    IoT devices should never leave the factory with a factory set username and password. These tend to be pre-installed and usually consist of “user”, “Admin”, or something similar. The failure to protect against brute force attacks is a serious vulnerability.

  • Improve On Protection Against Malware And Ransomware

    Cybercriminals are more commonly applying their ransomware tactics to IoT devices. They can hijack a camera and the other IoT devices on the network and refuse to relinquish control until a bounty has been paid.

  • Preventing Predictable Attacks

    Many industry tech specialists are deployed AI powered models that can predict attacks through constant monitoring of large amounts of data. Similarly, development firms should employ similar tactics to prevent security breaks through proactive measures.

  • Improve On Locating Devices With Consumers

    If a development learns of a breach or vulnerability then they should do as much as they can to reach out to all of the devices on the market with that vulnerability to offer guidance and help on a security patch. Like updating any other software there should be some connections from the device to the origin of the code or at least the firm that is managing the security.

What Does The Future Hold For IoT Security?

There will undoubtedly be more DDoS attacks on consumer, business, industrial, and government networks via IoT devices in the coming years. There will be a point during the development and deployment of internet-connected devices that the majority of critical infrastructure will be connected to the Internet. This will only lead to the obvious conclusion that more cybercriminals will be targeting systems necessary to keep everyday smooth for the general public.

Further, it is easy to say that as IoT devices and embedded devices grow in use and popularity financial crimes will grow in number. IT departments will not just need to handle loads of spam but network security flaws that won’t be fixed by the device’s creators. Society must make smart decisions during the acceptance of IoT devices. Security should never take a back seat to market entry or price. 

With the purpose of getting the new impressive functions in IoT world, you should think about choosing right software development partner for your company. Here at KitRUM, we’re always happy to hear from you and help you to get access to the top 5% of most talented application developers. Reach out today to discuss posible cooperation.