Cyber security in IoT: why is it critical to understand and implement?

18 June 2018 / By TE Author
Internet of things

Internet of Things (IoT) market was worth $157 billion in 2016 and it’s estimated to grow to $475 billion by 2020. The technology is being used in small devices to large projects. Home appliances, vehicles, automobiles, Virtual power plants, DNA analysis devices, heart monitoring implants, intelligent transportation and more – IoT is increasingly being used to build ‘smart’ devices, which are well-connected.

IoT is about giving every single ‘thing’ a unique ID, through which it could be recognized on the internet when connected. Though it all looks essential for the creation of a smart and well-connected world of the future, it raises the security concerns for its users at the same time.

Let’s take a very simple example –

Imagine, you forgot to turn off your AC and using the remote features of your smart AC, you switched it off from your office.

Okay. All looks good yet.

But then, an intruder hacks into your home security and surveillance system due to the existing holes and turns it off.

What just happened?

The same may happen with the devices of enterprises, including printer and cameras.

So, the conclusion is – IoT has two faces.

One is good, as IoT device manufacturers and solution providers market.

Another is what we are talking about here, the one which may lead to serious concerns.

The root cause of the latter is the lack of cybersecurity implementations, as organizations yet neglect it more often. The properties, like real-time communication, data sharing, and remote access are good when in the right hands, but when misused – these may cause issues. By neglecting the need for cybersecurity with IoT, you are keeping your data and physical security at stake.

Here’s why it is critical to understand and implement for you:

The major security issues with IoT devices

Privacy is a major concern

Privacy is a major concern, not only for the IoT but, with all the devices, which are involved in information-sharing or which allow remote access. Hackers and intruders may enter into such devices with unprecedented sophistication – from the public networks, private sources, using wi-fi or other advanced methods.

Here are some of the major cybersecurity issues (and some suggestions to resolve them) which needs to be addressed prior to anything:

  1. Insecure web interface
  2. Plain text credentials being sent, SQL injection, phishing, and other such old-school or advanced-level methods could be used by the hackers to gain access to your IoT-enabled solution if appropriate measures are not taken.

    Solutions

    • Ensure that the web interface has been tested for XSS, SQL, and CSRF vulnerabilities.
    • A strong password or any other locking mechanism.
    • A well-tested solution to filter out unauthorized accesses.
    • Efficient encryption algorithms.
    • Avoid sending credentials in plain text.
    • Detection of third-party anomalies and warning the users about it, when happened.
  3. Insufficient authentication or authorization
  4. Insufficient authorization can result in data loss, lack of accountability or denial of service attack. Authorization and maintaining the hierarchy of controls is mandatory.

    Solutions

    • IoT manufacturers must ensure that every user, device, app, and the process has a unique identity and there should be an effective way to distinguish these.
    • 2-factor authentication
    • The communication in all networks must be encrypted and mutually authenticated
  5. Insecure network services
  6. Attackers use insecure network services to attack users. These attacks may come from internal or external network users. DDoS attacks could be planted too. Enterprises and businesses should especially be aware of such conditions.

    Solutions

    • Make sure that all necessary ports are neither exposed nor available to the outsiders/intruders.
    • A good networking mechanism is required for filtering internet traffic from VPNs and intranets.
    • Making employees aware of internet threats.
    • Limiting the business devices to a particular network rather than allowing the employees to expose these devices to any public/insecure network.
  7. Lack of transport encryption
  8. Insufficient transport layer protection is due to those installed applications, which don’t take any effective measure in the network traffic.

    Solutions for IoT

    • Implementation of better encryption standards.
    • Keeping a check on applications, being accessed through the IoT device.
    • Good communication constraints put in place.
  9. Privacy concerns
  10. Privacy is one of the major cybersecurity concerns, which cannot be put on risk while installing IoT devices and keeping them connected. For instance, you won’t like the broadcasting of the data from the camera, which you have fixed in your kids’ room so that keeping tracking on them becomes easy. But bad algorithms and smart hackers can make the worst happen.

    Solutions

    • Devices must install verified OS.
    • The applications installed on a device must be sandboxed appropriately.
    • The devices should have the capability to protect themselves from intrusion and remote code execution attacks.
  11. Insecure cloud & mobile interface
  12. Cloud and mobile services easily attract buyers from the manufacturers, but these are not as secure as we think. Advancing cloud technology is becoming efficient with every passing day, but it’s not ‘perfect’ yet. There are insecurities that are inherited by IoT too.

    Solutions

    • There should be proper testing on web, cloud or mobile interfaces that they don’t contain any SQL injection, XSS or CSRF vulnerabilities.
    • Strong authentication, encryption, vulnerability detection, and anomaly detection mechanisms are needed.
Overview

Two things look mandatory as per the scenario –

  • Suppliers, manufacturers, vendors, etc. need to develop more secure solutions and protocols need tightening too.
  • Spreading awareness among customers about making the best use of ‘smart’ technology, using their own ‘smart’ brains.

At present, cyber security implementations are not as sophisticated for IoT devices as they should be. So, every ‘smart’ business or home needs to keep the threats of IoT in mind – alongside the benefits they leverage. Good cyber security solutions should, therefore, be utilized by IoT users.