Subscribe to our Newsletter | To Post On IoT Central, Click here


iot security (9)

How to Ensure IoT Cybersecurity

Today, the IoT devices are largely used by industries and households, smart bulbs can adjust the intensity of light by themselves, doctors can check the patient data remotely, IoT sensors can help in warehousing, and more, the potential is seemingly endless. There are billions of IoT devices on the field and billions more are expected in the next few years. The data that IoT devices produce are stored on the cloud, for example, a health monitor collects all the information about our health and stores it on the cloud. This information is further analyzed to provide us better services, but on the other hand if someone manages to get the data they can violate our privacy. Thus it is important to ensure the confidentiality and integrity of IoT solutions while mitigating the cybersecurity risks. There are many ways attackers can make their way into your system.

Most common IoT cyber attacks are:

Botnets

A botnet is a network of systems combined to remotely take control of distributing malware, controlled by botnet operators via Command-and-Control-Servers (C&C servers). They are used by attackers on a large scale for many things such as stealing private information, exploiting online banking data or spam, and phishing emails.

Man-in-the-middle

The man-in-the-middle concept is where an attacker is looking to interrupt and breach communication between two separate systems. It can be a dangerous attack because it is one where the attacker secretly intercepts and transmits messages between two parties when they are under the belief that they are communicating directly with each other.

Identity Theft

The main strategy of identity theft is to amass data, and with a little bit of patience, a lot of information can be fetched out. Generally, data is available on the internet, combined with social media information and data from smartwatches, fitness trackers, smart meters, smart fridges, and more. These data give a great all-around idea of your identity.

Recent research indicates that 85% of customers lack confidence in IoT device security, it is important to ensure the security of IoT devices by eliminating the IoT cybersecurity risk. 

Here are some best practices to ensure IoT cybersecurity:

Secure Boot

The secure boot helps a system to stop attacks and infections from malware, it is a feature embedded with IoT devices to detect tampering with the system. It works like a security gate as it restricts unauthorized access by validating the digital signature, detections are blocked from running before they attack the system. Deploying secure boot in the IoT ecosystem is important to ensure cybersecurity.

Secured passwords with two-factor authentication

You can activate two-factor authentication on almost any IoT device, it is important because it ensures authorized access to devices and automates trust into the system. Having two-factor authentication enabled with unusual passwords keeps IoT devices secure from being vulnerable to cyber attacks, it restricts attackers from making their way into the system.

Disabling the UPnP feature

UPnP feature allows an IoT device to get connected with other IoT devices, for example, smart bulbs can be paired with Google Home to turn it off or on via voice command. It is a feature that is convenient for users but poses cybersecurity risks at the same time. If hackers manage to make their way in one device they will easily be able to find another device that is connected. We can easily disable the UPnP feature as most of the IoT devices allow you to disable the UPnP feature from their settings.

Secure data storage

Keeping data in a large enterprise system is secured but the flash storage of a particular embedded device holds some important data from time to time that is not immediately secured or encrypted which can open you up to cybersecurity risk. Thus it is important to have system-level encryption of data for storage of sensitive information. If we do not encrypt the flash storage on the embedded device, someone can easily have their peak at your data.

Bottom Line

Securing IoT devices from cyberattacks is important for households and it is equally important for industries to ensure the confidentiality and integrity of their IoT devices and data produced by IoT devices. Researchers find that data breaches linked to IoT devices have increased rapidly in the past few years, according to a study by Ponemon, the number of cyberattacks due to unsecured connected devices have increased from 15% to 25% in the last two years. Thus securing the IoT devices can never be downplayed.

Author Bio- 

Piyush Jain is the founder and CEO of Simpalm, an app development company in Virginia. Piyush founded Simpalm in 2009 and has grown it to be a leading mobile and web development company in the DMV area. With a Ph.D. from Johns Hopkins and a strong background in technology and entrepreneurship, he understands how to solve problems using technology. Under his leadership, Simpalm has delivered 300+ mobile apps and web solutions to clients in startups, enterprises and the federal sector.

Read more…

 

 

IoT security challenges

 

IoT is a complex network of billions of Internet-connected devices that collect and transmit huge amounts of data across of a wide range of devices (sensors, robots, machinery, mobile apps, digital assistants, etc.) and integrated systems. Also, the data have to pass different administrative boundaries with different policies. Certainly, all of it creates challenges for protecting the IoT ecosystem.

First, companies and organizations have to ensure privacy and confidentiality of user data. Second, data communications should be protected at all levels. So, when building an IoT solution, take care of the “right” data delivery including the right place, time, and form. Third, make all interactions traced and monitored so that suspicious activities will be instantly detected.

There are many IoT security risks and challenges you should know and prevent when developing an IoT project. In terms of increased worry about cyber attacks and data privacy, companies have to establish new security models and integrate innovative technologies. In the IoT world, the use of Blockchain is an emerging trend promising to solve most or even all of IoT security issues.

 

What is Blockchain

 

Blockchain is a technology of the distributed ledger that maintains a continuously increasing number of transactions. Representing an immutable and inconvertible record and being based on cryptographic algorithms, Blockchain provides data security and protects data.

As Blockchain is decentralized, there is no central authority or regulatory body required for transaction approval and management. A distributed technology nature makes computer servers to come to a consensus, allowing transactions to be carried out anonymously and without intermediaries.

Blockchain is also about trust: cryptography is used to prevent technical data forge and distortion. In the chain of blocks, each block contains a hash serving as a link to the previous one. Thus, it’s impossible to substitute an intermediate block in the finished chain.

So, Blockchain provides a high-security level. While the tool is the same, it has many successful applications in a variety of business industries. Mika Lammi, Kinno’s Head of IoT Business Development, Kouvola Innovation Ltd, said: “I believe Blockchain to be one of the truly disruptive and innovative application areas in the world now, and that it will create huge waves across all imaginable business sectors”.

 

Blockchain and IoT

 

Coming up with decentralized, autonomous, and data protection capabilities, Blockchain has a great potential to secure the IoT ecosystem. In the Internet of Things, Blockchain can keep an immutable record of connected devices’ activities and automatically maintain the history of their communications.

What’s more, by integrating the technology, companies and organizations can allow trustless safe message exchanges between IoT devices. In this case, Blockchain will work like in financial transactions: data is transmitted between multiple devices and delivered to the places required. To enable peer-to-peer messaging, businesses can integrate Ethereum smart contracts serving as the agreement between two parties.

For example, let’s take Blockchain and IoT linked together to improve manufacturing operations. Here the use of Blockchain can enable smart devices to not only exchange data, but even automatically execute financial transactions. IoT devices monitor machinery and equipment health, alert managers about problems, and order repairs when required.

In the agriculture industry, farmers can place IoT devices to collect data about crops in order to ensure an efficient functioning of the irrigation system. Smart contracts describe how the solution parts (analytics system, sensors, etc.) should behave based on the conditions defined. This approach helps provide automatic water management.

 

Blockchain advantages for IoT security:

 

  1. Immutable record of all data communications
  2. Monitoring of suspicious activities
  3. Prevention of data forge and distortion
  4. Peer-to-peer messaging between IoT devices
  5. Autonomous functioning of smart devices

 

Today, Blockchain is one of the most promising trends in IoT security field. Decentralized and data protection capabilities make Blockchain a perfect part of IoT solutions. Understanding the technology prospects, many companies have already integrated Blockchain to solve IoT security challenges.

Read more…

 

The Internet of Things plays an important role in today’s life, affecting a plenty of businesses and changing the way we work, live, and entertain. Coming up with workflow automation, remote equipment monitoring, inventory tracking, and real-time data collection, IoT promises to bring innovation in various industries.

Understanding high IoT potential, companies and corporations invest in IoT projects, startups, and initiatives. According to New IDC Spending Guide, the worldwide IoT spending is predicted to reach nearly $1.4 trillion in 2021. What’s more, Gartner research expects the number of IoT-enabled devices will be about 21 billion by 2020.

Though IoT provides many advantages and opportunities, there remain IoT security risks and challenges, that now are of the highest concern. Since today almost everything can be hacked, businesses have to look for and integrate new security mechanisms allowing to ensure data and device protection.

 

The main IoT security risks

 

1. Data Leaks

Smart devices collect and transmit various data that may involve such important information as credit card numbers, zip codes, customer locations, camera images, IP addresses, and much more. A leakage of private/personal/business/financial data can lead a company to money and reputation losses, and harm people’s lives.

2. User verification

Misconfiguration and default passwords use are common reasons for the appearance of device/data vulnerabilities. That’s why engineers should implement the ability for customers to create their own passwords while establishing the highest level of password reliability that all users have to follow.

3. Lack of regulations

Unfortunately, there are often no regulations for IoT devices. The creation of a standards-based approach to security should be a top-priority task for companies, organizations, and even governments.

4. Unknown surveillance

Often unprotected IoT devices can be accessed by any remote user or at least can be easily hacked. The consequences can be poor: for instance, streaming and selling private videos and images (including those from stores, shopping centers, etc.).

 

IoT security recommendations

 

1. Focus on data traffic monitoring. Imagine a cloud IoT solution, that monitors both inbound and outbound traffic, traces all suspicious activities, blocks unsafe communications, instantly alerts users and the central system about potential problems, and prevents data leaks.

2. Implement end-to-end encryption in your application, the most reliable way to protect user data. Famous mobile messengers WhatsApp and Viber added the support of e2e encryption long ago. If your project implies many data/user communications, you can use this approach too.

3. Use reliable tools that help ensure data confidentiality and privacy as well as build a secure and scalable data storage. Integrate a feature of suspicious activity and malicious code monitoring. For example, today we can see an increasing use of AI technology for real-time security monitoring.

4. Focus on testing activities. When developing an IoT solution, pay a lot of attention to the testing/QA process. It’s much better to prevent any security issues at the pre-release stage than waste time for bug fixing after.

5. Integrate a Blockchain decentralized approach. Since Blockchain is based on cryptographic algorithms, it helps protect and manage data. Blockchain has all transactions (interactions) recorded, so the history of smart devices will be also recorded. At the moment, the use of Blockchain for securing the Internet of Things is one of the emerging and most promising trends.

 

As you see, there are really good ways to minimize IoT security vulnerabilities. Here I should note that one of the best recommendations for developing a successful IoT project is to apply to a reliable IT company that would focus on security and data privacy issues. Also, when choosing the company, pay attention whether it meets the GDPR requirements, which will be especially important from the regulation enforcement on May 25, 2018.

 

Read more…
The companies behind smart home devices are tasked with performing something of a balancing act: customers want full featured devices with the convenience of easy purchasing and control over their homes by voice, but those features can be at odds with the cumbersome security measures that would ensure greater safety.
Read more…

This is my first post on IoT Central.  Looking forward to hearing more about IoT from the members.  

I am curious to see what people think of the MKR Labs report on how hackers can turn your Amazon Echo into a listening device.  According to the report, tt seems one of Amazon's most popular and new products is vulnerable to "a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering."  This type of malware can give hackers remote access to your Echo.  It will also give them the ability to grab customer authentication tokens and the ability to stream live microphone audio to any other remote services without altering the functionality of the device.  

Today, GearBrain did a post on this news.  I am curious to see what others think about this type of hacking and how big of an issue you think this is to Amazon and other manufacturers of voice controlled digital assistants like Echo.  

Read more…
An accurate and well-structured security analysis is the key for a holistic security concept and therefore for a secure product. But planing and performing a security analysis can be a hard nut to crack. After collecting experience in more than 6 big IoT projects over the last 2 years I decided to share some key facts that can make your life easier if you have to go the same way.
Read more…
Since many embedded devices are deployed outside of the standard enterprise security perimeter, it is critical that security be included in the device itself. Ultimately, some combination of hardware and software may be required. Building protection into the device itself provides a critical security layer whatever options are used. Security must be considered early in the design of a new device or system.
Read more…

The Internet of Things is changing the world, heralded as one of the most pivotal technology trends of the modern era. We are getting ready to enter a time where everything, quite literally, is connected to the Internet.

For the industrial sector, this is a new area of exploration. Factories have smart infrastructures that use sensors to relay data about machine performance. Cities have smart grids that monitor everything from traffic to the energy used by streetlights. Hospitals can monitor the health of high-risk, at-home patients.

In other words, we are entering a hacker's dream world.

Recent attacks, like the Christmas 2015 attack on the Ukraine power grid, have shown that the Internet of Things possesses severe vulnerabilities. These weak points can be everything from back doors that allow a hacker access to a system to lack of proper use by untrained workers. If your business uses IoT devices, there’s a good chance they are not secure.

Why are so many systems left vulnerable? Weaknesses often come from the same set of five drivers:

Pa1e9cCyWAh6tGKUeQF4-UQgSS_pv-Yr6XRzUL7riY2wtQDkm4jWXT6ryb65N136M3onsWQW2y87NGr2N_Vof6fB1VljWojgrNIgU32gKScfKJceanEpf2x75eX3RaKRsT196PEr 

Source: Allerin

Whether your company is struggling because your devices were deployed too quickly or operational costs constraints got in the way, your team must take measures to fix security risks. Here are four security flaws:

1. Lack of Encryption

Any device that is connected to the Internet to relay data needs encryption. When communication between devices and facility machines are now encrypted, it provides a doorway for hackers to send malicious updates, steal data, and even take control of the system. 

In 2014, an Israeli security firm took control of cars using a specific connected telematics device that failed to use proper encryption.

2. Failing to Install Updates

Once you have a machine-to-machine communication​ system working properly, it can be easy to forget to install the necessary updates to keep the network secure. 

Yet, hackers are constantly updating their strategies and tactics. Failing to install updates and patches leaves your system vulnerable. 

Even if you’re worried about breaking integrations between systems, you should at the least install every security update released by the vendor. These updates are specifically designed to address vulnerabilities discovered in your devices. After all, if your vendor releases a security update, it’s because they found a problem.

You also should know that updates and patches are not always the final solution to security vulnerabilities. Unfortunately, many manufacturers are not able or willing to provide the necessary support to continue updating their devices. 

To avoid this risk, shop carefully for systems that provide updates and are backed by a trusted company.

3. Poorly Built Networks

The modern industrial network is designed to get tasks done. If the design focuses too much on completing that task, it will leave weak points in security. Things that are obvious when building IT networks are sometimes less obvious when creating industrial DNP3 and other network architecture.

The solution to this risk is fairly simple. Those tasked with building industrial networks need to ensure they are partnering with IT professionals to build networks that are safer from attacks. Security features, like deep packet inspection and network segmentation, should be in place from the beginning.

4. Sensors Outside of the Company's Control

Most of the sensors and other connected pieces that make up a network are controlled by the company. But for some companies, that is not the case. For example, power companies have sensors in their customer's homes. 

Sensors outside of the company's immediate control are hard to secure, which gives hackers access. Currently, cloud-based security using public key services to authenticate devices may be the best solution to this problem.

Don't Take The Risk

Industrial security breaches can cause devastating consequences.​ Therefore, the above risks need to be addressed.

As more industrial facilities rely on the Internet of Things, it's important for company teams to be aware of the potential vulnerabilities. Take security into full consideration.

Read more…

Upcoming IoT Events

More IoT News

Arcadia makes supporting clean energy easier

Nowadays, it’s easier than ever to power your home with clean energy, and yet, many Americans don’t know how to make the switch. Luckily, you don’t have to install expensive solar panels or switch utility companies…

Continue

Answering your Huawei ban questions

A lot has happened since we uploaded our most recent video about the Huawei ban last month. Another reprieve has been issued, licenses have been granted and the FCC has officially barred Huawei equipment from U.S. networks. Our viewers had some… Continue

IoT Career Opportunities