The Internet of Things (IoT) is the next wave of automation and “freedom” for consumers and business alike, offering capabilities and computational power to send and receive data over the internet without the involvement of human-to-human or human-to-computer interaction. To the layperson it means seeing your security cameras, doorbell or baby monitor on your smartphone from the office, or the coffee mahine in the lobby alerting your supplier that stock is running low so they automatically deliver Just-in-Time supplies. IoT is IP-enabled, purpose built devices such as Printers, Surveillance Cameras, Smartphones, Tablets, Self-driving Cars, Telematics Boxes, Vending Machines, Infrared Data Association (IrDA), Ultra-Wideband (UWB), WiFi, Cellular networks or anything that connect to and communicates over the internet with little to no human intervention required. In addition, IoT also uses cloud computing, Near Field Communication (NFC), Sensors, Actuators, GPS Services, nanotechnologies, Wireless Sensor Network (WSN), and Radio-Frequency Identification (RFID) to facilitate the automatic networking, communications and information necessary to “automate” their connectivity and interactions, eliminating the need to rely on IT to “make it work”.
Although IoT has made life easier and businesses can reap impressive benefits, we cannot underestimate the power and sophistication of cyber-dangers in this field. Sensitive data is being shared from IoT devices and over IoT communication networks, but security measures are poor at best. Detecting IoT attacks and ensuring security has become a daunting task for security engineers and incident responders.
According to Steffen Sorrell, a Principal Analyst at Juniper Research, “Digital transformation is about becoming ‘digital first’ and data-driven. The IoT is ultimately the provider of that data.”
IoT is facing various challenges that include the lack of secrecy and privacy, scalability, interoperability, poor threat detection, small data size and elucidation, tiny power supply, narrow wireless standards, ineffective error handling, and short-range communication and transmission. Moreover, IoT security specialists have identified five challenges related to resource-constrained IoT.
- Limited Memory and CPU
- Weak passwords
- Lack of security updates and patches
- Vulnerable networking systems
- Having lightweight cryptography
Security vulnerabilities in IoT devices can allow threat actors to take control of them remotely and gain access to affected networks. According to Mandiant, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), IoT provider “Through Tek” have discovered a critical vulnerability affecting millions of IoT devices that cloud enable hackers to spy on audio and video feeds from baby monitors, web cameras, and other devices.
The following section lists the “IoT Top 10 Security Vulnerabilities” published by the Open Web Application Security Project (OWASP).
- Insecure web interface
- Ineffective authorization and authentication
- Ineffective security configuration
- Lack of privacy
- Lack of transport encryption
- Poor network service
- Insecure cloud interface
- Insecure mobile interface
- Insecure firmware and software
- Lack of physical security
As per the 2020 Global IoT/ICS Risk Report published by CyberX, IoT networks involve unmanaged devices that are soft targets for cybercriminals. IoT attacks can inflict damage to intellectual property and cause expensive downtime. McAfee, a cybersecurity firm, reported that malware attacks on IoT gadgets would continue to take place as more than 25 million voice smart speakers or voice assistants were already in use. Below is the list of some attacks that occur on IoT devices:
- Wormhole attack
- Sybil attack
- Sinkhole attack
- Distributed Denial of Service (DDoS)
- Witch attack
- User Wallet attack
- Byzantine Failure
- Replay attack
- Clone node
- Node privacy leak
- HELLO flood attack
- Flash Crowd
- Eclipse attack
- Routing attack
- Transaction malleability attack
The Final Word (Conclusion)
From revolutionizing healthcare, energy, finance, manufacturing and food production, to building cities and smart homes, IoT is everywhere in todays world. However, this technology doesn’t guarantee privacy and security. Kaspersky cybersecurity detected more than 1.5 billion IoT attacks – up from 639 million during the previous half-year. IoT attacks are skyrocketing and manufacturers need to enhance the cybersecurity of IoT devices. Until then, vigilance is a must, and IT teams must be prepared.