With the Internet of Things (IoT) connecting more and more devices with each passing day, it is expected that by the year 2020, the number of IoT devices will reach around 24 billion out there in the world.
Now, this growth is certainly going to benefit the people in more than many ways and will hugely transform how people execute day-to-day tasks & a lot of other activities. As we live in the times when “impressions” are crucial for a person’s status, hence it will be cool to have a smart-home that will draw the attention of your visitors & guests and certainly make you the talk of the town. Meanwhile, among its significant benefits, one is the smart lighting that will actually be able to largely reduce the energy consumption, thus resulting in lowering down the electricity bill.
With this new technology, linking up connected cars with smart city infrastructure is possible, thus establishing a totally different ecosystem for the car drivers, who until now are accustomed to the conventional way of covering the distance from Area A to Area B. Also, there are connected healthcare devices at the disposal giving people a fuller and deeper look at their own health. So, what more can we ask for?
But these tons of benefits certainly invite some sort of risks and security issues and this is what we will be discussing here today.
Do you know that increased numbers of connected devices are giving cybercriminals and hackers more entry points? And why just security issues, as average customers, are genuinely sharing their concerns over their privacy, with so much of consumer life being connected.
IoT – What makes it vulnerable to security aspect?
IoT is a growth sector, and besides that, it is also a market for buyers and investors, and where consumers are willing to grab the best-possible benefit at a little amount. Quite certainly, this kind of environment encourages vendors & manufactures to economize on money, effort, time and material, hence they enroll into the cheapest ways, hastening to put their services and products out there into the money stream.
This sends a direct invitation to practices, like usage of software code and generic components, access codes, default passwords, vendor-specific PIN numbers. All of this opens a path for an ecosystem that has weak security and exploitable vulnerabilities.
A study carried on by Ponemon Institute and IBM security suggest that around 80% enterprises usually do not test their IoT apps, hence making them vulnerable from a security perspective.
Here we have categorized various areas of IoT security vulnerability that are the most common:
Vulnerable to Hacking: According to the researchers, hackers were successful in hacking these real IoT devices with enough energy and time, within a limited time. Like, a research team at Michigan University and Microsoft discovered a lot of gaps in the security of Samsung’s Smart Things smart-home platform. Unfortunately, the methods didn’t appear complex at all.
Poor On-board Web Interface: There is an onboard web server for most of the IoT devices and it does the job of hosting a web app used in device management. Now, in case, any loopholes found in the underlying code of the web apps and web servers, then that certainly makes the device vulnerable to get attacked – maybe in a remote manner owing to its connectivity to the internet.
Weak mobile security: Weak security on mobile app development often makes the IoT devices vulnerable from a security point of view. The biggest problem lies in the fact that data is being stored on mobile applications. Even though the data that is saved on iOS is less risky as compared to Android app development, still to storage of sensitive data and information on a mobile device is never considered ideal. Like, what if a worker ends up losing a smartphone which contained valuable data in it, that too with no backup.
Vulnerable Cloud & Mobile Management Platforms: As there are a huge number of IoT devices that connect to wireless and cloud mobile networks, hence the poor security and exploitable code in the software & infrastructure, which manages these platforms, has also become a major concern. To address these issues there are management platforms embedded on these devices, but that works only to a certain extent, with there being a risk, these interfaces are not being patched or updated on a regular note.
Concerns regarding Privacy & Data Transfer: Since IoT device comes with a constant flow of information regarding the device and its environment, it is not obvious that it will be delivered to the users. Like, depending on the device and its application, there could be financial, geographic and personal information. In case, there is poor or say no encryption at all on these data streams, then this kind of information becomes vulnerable to be used by third parties, hackers, or maybe eavesdroppers.
Often the companies are not prepared: As per AT&T’s Cybersecurity Insights Report, around 5,000 companies were surveyed across the world and it was found that 85% of them are about to or are planning on a deployment of IoT devices. Still, there are just 10% of companies, which as per the survey, are confident about security infrastructure attuned to devices against hackers.
Weak Authentication protocols: Often it happens that in the manner devices speak to their controllers and each other links them to an open channel. The reason could be the mechanisms used for authorization or authentications of legitimate communications. Perhaps insecure default device settings are deployed automatically, about which users are unaware, or maybe not given the opportunity to reconfigure weak security settings for themselves.
To stay realistic about IoT security risks is the key to combat this problem
Today more and more security researchers are focusing on the IoT, with few of their researchers posing kind of a theoretical risk instead of an actual one – at least for now. Like, one researcher came across this concept where smart lighting was used to filtrate data by compromising an internal network. Now is it possible getting a light in a room fluctuate enough such that it is able to transmit data? It is very doable in the test environment, whereas in the real world it is yet to be proven.
Even though more and more security researchers today are focusing on uncovering a range of IoT security concerns, but Deral Heiland, a veteran penetration tester, stresses the significance of having a realistic perspective. Sharing his experience, he said people keep asking him what to do with all these vulnerabilities that are coming out. His answer to them is quite logical. He states these vulnerabilities are being uncovered and the researchers and testers are making efforts to find a solution in order to combat such situations. This says it all, doesn’t it?