Understanding the needs of IoT Security
Understanding the needs of IoT Security
October 12th, 2020
Guest contributor: Stephen Roderick, Principal-Technology Security.
The Internet of Things (IoT) carries enormous potential to change the global economy for the better, with experts forecasting explosive growth in the number of new and exciting IoT applications. At the same time, with billions of IoT devices, applications, and services already in use and more coming online, IoT security is critical. Poorly secured IoT devices and services can serve as entry points for cyberattacks, potentially compromising the privacy and safety of individual users.
The impacts from exploits of these vulnerabilities include organizations losing millions of dollars in revenue and reputation. In recent years, AT&T’s vulnerability scans have logged a 458% increase in attempts by hackers to find a way into IoT devices, according to AT&T’s latest IoT report.
Here’s a survey of issues, and what you can do about them.
What is the Internet of Things?
The IoT is a network of physical objects (or “things”) embedded with electronics, software, sensors and connectivity. They can interact with other entities such as with users, manufacturers, service providers, and/or other connected devices.
The Internet of Things (IoT) is already enabling exciting innovations that reach across fields from childcare to eldercare, from hospitality to mining, from education to transportation. They can reduce operational complexity and lower costs. They enable remote monitoring, predictive maintenance, and create smart spaces where customers can use mobile apps to monitor and manage their connected products.
IoT is enabled by major growth in several technology trends. We see a rise in demand for “smart” automation that make our homes more interactive using intelligent controls and connected appliances to improve safety and efficiency. In a smart home, as you arrive home your car communicates with the garage to open the door. Once inside, the thermostat is already adjusted to your preferred temperature, and the lighting is set to a lower intensity and your chosen color for relaxation, as your pacemaker data indicates it has been a stressful day. We see demand for comprehensive home security. Intrusions can now be monitored and potentially prevented before things get out of hand, by triggering alarms and alerting authorities.
IoT will also impact the quality of life in our communities. We’ve already begun to see some hints of this change, with innovations like cameras that monitor our driving habits (and result in tickets for misbehavior) and utilities using smart meters to not only measure energy usage but to figure out how to best distribute power throughout the day.
IoT is here to stay, and smart municipalities will use it to their advantage to better manage resources, traffic and quality of life for residents. At the same time, these innovations need to be managed for security and privacy. A hack could take down an entire system. Security concerns will affect the way we manage our communities, and the old infrastructures that have been in place may not be effective in the future.
The Importance of Data
Billions of devices are now collecting and transmitting petabytes of potentially sensitive data. So, data protection, loss prevention and user privacy and safety become critical concerns. Many applications leverage the cloud to store data. Attacks may expose personal sensitive information such as biometrics, health information, personal behavior and location information.
Security researchers from Palo Alto Networks issued a stark warning that cyberattacks on IoT devices are now accelerating at an unprecedented rate. The company’s 2020 Unit 42 IoT Threat Report identifies the top IoT threats and provides recommendations to reduce IoT risk.
Here are some examples of security threats created by consumer connected devices:
- Security researchers discovered a flaw in a home monitoring product from a major online retailer, which gave hackers unauthorized access to the user’s Wi-Fi network and allowed abuse of security cameras, microphones, and speakers
- According to the FBI, smart TVs have several vulnerabilities that allow hackers to not only control your TV, but also stalk your everyday movements and conversations using the integrated camera and microphone.
IoT Security Best Practices
The end-user, often just a regular consumer, is a vital line of defense when it comes to the security of an IoT device. As more of us are working from home, IoT security has even more critical. We need to read the instructions and understand what security features are available. Here are some best practices:
- Turn on the security features and use them. By default, many devices have security turned off in favor of ease of use.
- Passwords should be updated from the default.
- Create a separate network behind a firewall for IoT devices, whenever possible. This helps keep potentially insecure devices away from critical resources.
- Don’t let devices connect automatically to open Wi-Fi networks. Only connect to known public WiFi networks that use encryption.
- Encryption communications to and from the device, if possible.
- When possible, turn the device off when it is not being used. If it is completely powered off it’s a lot harder to be hacked or abused.
- Whether manual or automated, check to make sure your devices are getting updated patches.
- Don’t use features you don’t need. Turn them off.
Choose security manufacturers that are committed to the security and integrity of your IoT devices. If there’s no obvious way to update a potentially vulnerable device, don’t buy it.
Malicious actors may be motivated by financial gain, political hacktivism, thrill seeking or technical pride. The characteristics of many IoT implementations present new and unique security challenges. Addressing these challenges must be a fundamental priority because we must ensure trust in IoT applications.
Remember: Your security is a chain that is only as strong as its weakest link!!