IoT stands for internet of things. It is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

IoT security is the practice of securing Internet of Things devices and the networks they’re connected to. IoT security has come under scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.

Why is IoT security important?

A robust IoT security portfolio allows developers to protect their devices from all types of vulnerabilities while deploying the security level that best matches their application needs. Cryptography technologies are used to combat communication attacks.

Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. Finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies to counter physical attacks on the chip.

What are the main challenges?

IoT devices were not built with security in mind. In the majority of cases, there is no way to install security on the device itself. In addition, they sometimes ship with malware on them, which then infects the network they are connected to.

Some network security tools cannot detect the IoT devices connected to the network, and/or lack the visibility to know which devices are communicating through it.
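
As an added illustration (not part of the original article), one way to close this visibility gap is to reconcile the DHCP server's lease table against an approved device inventory. The lease lines follow dnsmasq's lease-file format; the MAC addresses, hostnames, inventory and function names are constructed for this example.

```python
from dataclasses import dataclass

# Constructed sample in dnsmasq lease-file format:
# <expiry-epoch> <mac> <ip> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1700003600 02:00:00:00:00:01 192.168.1.10 office-laptop 01:02:00:00:00:00:01
1700003600 02:00:00:00:00:02 192.168.1.23 ipcam-lobby *
1700003600 02:00:00:00:00:03 192.168.1.41 * *
this line is malformed
1700003600 02:00:00:00:00:04 192.168.1.57 smart-tv *
"""

# Constructed inventory of devices the network owner knows about.
APPROVED = {
    "02:00:00:00:00:01": "workstation",
    "02:00:00:00:00:02": "ip camera",
    "02:00:00:00:00:09": "printer",
}


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str


def parse_leases(text):
    """Parse lease lines, skipping anything that is not a well-formed entry."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1].count(":") != 5:
            continue  # blank or malformed line
        leases.append(Lease(parts[1].lower(), parts[2], parts[3]))
    return leases


def audit(leases, approved):
    """Return (leases held by unknown devices, approved MACs with no lease)."""
    seen = {lease.mac for lease in leases}
    unknown = [lease for lease in leases if lease.mac not in approved]
    missing = sorted(set(approved) - seen)
    return unknown, missing


if __name__ == "__main__":
    unknown, missing = audit(parse_leases(SAMPLE_LEASES), APPROVED)
    for lease in unknown:
        print(f"UNKNOWN  {lease.mac}  {lease.ip}  {lease.hostname}")
    for mac in missing:
        print(f"NOT SEEN {mac}  ({APPROVED[mac]})")
```

Devices with static addresses never request a lease, so a lease audit of this kind is a starting point for an inventory rather than a complete one.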

IoT security breaches and IoT hacks

Security experts have long warned of the potential risk of large numbers of unsecured devices connected to the internet since the IoT concept first originated in the late 1990s. It is important to note that many of the IoT hacks don’t target the devices themselves, but rather use IoT devices as an entry point into the larger network.

In 2010, for example, researchers revealed that the Stuxnet virus was used to physically damage Iranian centrifuges, with attacks starting in 2006 but the primary attack occurring in 2009. Often considered one of the earliest examples of an IoT attack, Stuxnet targets supervisory control and data acquisition (SCADA) systems in industrial control systems (ICS), using malware to infect instructions sent by programmable logic controllers (PLCs).

Attacks on industrial networks have only continued, with malware such as CrashOverride/Industroyer, Triton and VPNFilter targeting vulnerable OT and industrial IoT systems.

In December 2013, a researcher at enterprise security firm Proofpoint Inc. discovered the first IoT botnet. According to the researcher, more than 25% of the botnet was made up of devices other than computers, including smart TVs, baby monitors, and household appliances.

In 2015, security researchers Charlie Miller and Chris Valasek executed a wireless hack on a Jeep, changing the radio station on the car’s media center, turning its windshield wipers and air conditioner on, and stopping the accelerator from working. They said they could also kill the engine, engage the brakes and disable the brakes altogether. Miller and Valasek were able to infiltrate the car’s network through Chrysler’s in-vehicle connectivity system, Uconnect.

Mirai, one of the largest IoT botnets to date, first attacked journalist Brian Krebs’ website and French web host OVH in September 2016; the attacks clocked in at 630 gigabits per second (Gbps) and 1.1 terabits per second (Tbps), respectively. The following month, domain name system (DNS) service provider Dyn’s network was targeted, making a number of websites, including Amazon, Netflix, Twitter and The New York Times, unavailable for hours. The attacks infiltrated the network through consumer IoT devices, including IP cameras and routers.

In a January 2017 notice, the Food and Drug Administration (FDA) warned that the embedded systems in radio frequency-enabled St. Jude Medical implantable cardiac devices, including pacemakers, defibrillators, and resynchronization devices, could be vulnerable to security intrusions and attacks.

While not IoT-specific, the General Data Protection Regulation (GDPR), released in May 2018, unifies data privacy laws across the European Union. These protections extend to IoT devices and their networks, and IoT device makers should take them into account. In June 2018, Congress introduced the State of Modern Application, Research, and Trends of IoT Act, or SMART IoT Act, proposing that the Department of Commerce conduct a study of the IoT industry and provide recommendations for the secure growth of IoT devices.

For more details about IoT vulnerabilities, attacks and how to secure IoT devices, please check part 2.

For any cyber security information, contact help@theweborion.com