- Rebecca Herold - CEO of Privacy Professor
IoT comes from the words "Internet of Things". Basically, it means all internet-connected smart devices, like smartphones, cars, fridges, washing machines, clocks, lighting… You name it!
The use of internet-connected devices is growing day by day. According to Statista and review42, the global market revenue of IoT devices has grown from $100 billion (in 2017) to $212 billion (in 2020) and it will reach around $1.6 trillion by 2025. Currently, around 20 billion IoT devices are connected to the internet and by 2025 the number is expected to reach 75 billion.
IoT is among the most versatile technologies, which provides not only a great experience for users but is also beneficial for industrial and commercial use. IoT is expected to revolutionize many industries such as healthcare, finance, manufacturing, home automation, and so on. With the quick rise of the new technology and small, Internet-connected devices, cybercriminals are looking forward to exploiting new security flaws. There are many security challenges and issues related to IoT devices yet to be resolved.
According to Trend Micro, below are the attack surfaces, or vulnerabilities, for IoT Devices.
Devices
IoT attacks are primarily initiated through the devices. Usually, attackers exploit vulnerabilities in the device's memory, firmware, web interface, or network services. Attackers also take advantage of default settings and outdated systems, which users usually leave unsecured.
Communication Channels
Communication channels provide the medium that connects IoT devices to one another, and attacks on these devices are also possible through these channels. Network attacks, such as DoS and spoofing attacks, are common in IoT systems. Attackers also take advantage of security issues in the protocols used in IoT systems.
Applications and Software
Applications and software related to IoT devices could be vulnerable and lead to possible attacks. The attacker could exploit vulnerable web applications to steal passwords or push malicious firmware updates.
The Internet of Things may seem inaccessible and complex, but in practice, the user experience can be quite familiar. IoT brings along new risks, though, which the following video clearly illustrates.
As mentioned before, IoT brings along new risks and threats, since more and more devices are connected to the Internet. The following recommendations from the Open Web Application Security Project (OWASP), focusing on IoT, should always be followed. As you'll notice, the tips are very similar to what we’ve seen before.
Complex and longer passwords should be used, which are difficult to guess and hard to break. Also, avoid using default passwords.
Use secure network services to maintain the confidentiality, integrity, or availability of the information. Don't use insecure network services on the device which could compromise the information in any way.
Always use secure APIs and interfaces with proper authentication, encryption, or filtering. Failure to comply with these could lead to compromise of the device or its related components.
The device should have the ability to get updates securely, including firmware validation, encryption techniques used in transit, rollback options, and notification of update changes.
There should be a mechanism to check for outdated and insecure components/libraries, including third-party software or hardware.
The user's personal information should be stored securely to provide sufficient privacy protection.
Proper encryption and access control should be implemented for data at rest, in transit, or in processing.
Proper device management mechanisms and capabilities should be provided.
Default settings of the devices should be modified to make them secure.
Proper physical hardening measures should be done to restrict potential attackers from gaining access to sensitive information.
As you learn more and more about staying safe in the cyber world, you should take a moment to reflect on your own usage and risks. Later on, you’ll get to design a security plan for you and your family, so take some time to focus on the following questions.
So far, we’ve discussed multiple threats that affect us all in our everyday life. Be it email scams, malware infecting our systems and devices, or malicious actors targeting our very emotions, staying aware of our personal situation is one of the most important ways of staying safe. Remember – we, humans, are the weakest links in a secure system. Think about the following questions, and write a text (or make a slide show) about the threats you might be vulnerable to. Go through your digital life and review the risks we’ve discussed so far. In which ways are you vulnerable?
• How many accounts are you actively using? Is your password security intact?
• Are you using antivirus software and other protective software?
• Are your devices up to date?
• Have you come across social engineering attempts?
• How many Internet-connected devices do you use (smartphones, computers, home appliances)? Are there risks involved in their use?
If you feel like everything is in order, congratulations! Not many of us can say that. If that’s the case, write about the measures you have taken so far and think about what you can do to improve even further. Upload your answer to the Edukamu platform and save a copy for yourself as well. You will need it later on.