Security Over The Internet Of Things

Security over the Internet of Things

The image highlights a button with security written on it (To signify cybersecurity).

From the connection of a toaster to the Internet (via the TCP/IP protocol) to building Smart Cities, the Internet Of Thingsindustry has revolutionized the field of technology. The Internet of Things refers to the connection of devices for collection and sharing of data over a network.

With the advancement of wireless networks, it is now possible to turn the smallest of things. such as a pen into a smart device. (Check out the Livescribe Echo Smartpen!)

A major hurdle in the development of this sector is security vulnerabilities. Security attacks on IoT devices are very hard to detect. but can have very serious consequences as sensors are nowadays ubiquitous. 

Instances of Internet Of Things Security Attacks:

A very notorious IoT network attack was the Mirai-botnet attack that came to light on October 12, 2016. A botnet is a collection of internet-connected computers that are controlled by an external source. The malware targeted Dyn servers that control the domain name system of  Twitter, Netflix, AWS, CNN News, The New York Times, The Boston Globe, and many other companies across the US and Europe. 

The Mirai-botnet was a DDoS( Denial of Service) attack that targeted open Telnet ports.

common IoT devices whose default passwords haven’t been change since then. This led to a flood of HTTP and network-level attacks which overwhelmed the target server knocking it offline.

Silex Attack

Another popular attack was the Silex attack which bricked thousands of devices in 2019. The Silex brickbot affects the device’s storage and tampers with the network configuration.

this results in the crashing of the device. Since most owners of IoT devices do not have the technical expertise to detect the malware.

they end up disposing of the device thinking of the breakdown to be a hardware failure. Instances of security attacks have also been report on healthcare devices as well. The implantable cardiac pacemakers by the St.Jude Medical (now Abbot Medical) withdrew almost 450,000 pacemakers.

due to compromised security which could lead to the draining of battery life of the pacemaker. or even alteration of the patient’s heartbeat.

Common Types of Internet Of Things Attacks

  • Distributed Denial of Service Attack (DDoS):  These types of attacks happen over devices connected online. The attacker overwhelms the target server with traffic beyond its capacity. This leads to the “denial of service” to legitimate requests. This would lead to huge losses in business and damage the reputation of the organization.
  • Man-In-The-Middle: In a man in the middle attack the hacker interferes with the communication between the authorized sender and the receiver. For example, in a paid parking system, the time of parking can be manipulate by the malware which would result in incorrect parking rates.
  • Ransomware: Ransomware is malicious software that denies the user access to the device files and ransoms the user to regain access. It could be very dangerous in bio-medical applications, say in the case of the smart pacemaker, where the life of the patient may be at risk.
  • Eavesdropping: Also known as sniffing attacks refer to unauthorized stealing of sensitive information over a network or a connected device. 
  • Privilege escalation: To gain higher administrative rights on the IoT device or software, the attacker exploits the vulnerabilities in the code of the device in a method called the privilege of escalation.
  • Brute Force Password Attack: Brute force password attack is self-explanatory where the hacker uses probable combinations of password to gain access to the device. However, IoT devices more vulnerable to such attacks as most of the users do not change their default password provided by the manufacturer.

Prevention of IoT Attacks

Changing the default administrator password:  

This is a non-negotiable step to securing your IoT network but yet the most overlooked. To prevent security breaches, set up strong and varied passwords in your login.

Using reliable security software

To keep your data safe, invest in security software also with features including a minimum of a firewall, antivirus, and antispyware on your host system. Since IoT devices are easy targets to gain access to the host server.

this is a basic security measure that must be taken.

Setting up a VPN: 

A VPN service connects the server and the VPN provider through an encrypted connection. This ensures that your data privacy is not compromise while moving it from one location to another.

Setting up a guest network: 

A tip especially useful for users of home automation systems, is to set up separate networks for your IoT devices which are not link up with your laptop or smartphone. 

Encrypting flash data:

Most embedded systems come with flash memory. Hence, This memory is often not encrypted and is vulnerable.  New techniques such as flash-to-cloud are being worked upon.

so that is becoming very difficult for malware to tamper with the firmware of the device.

Secure boot:  

During a secure boot, unauthorized software is prevented from being run during the power-up of the device. This will ensure that the system starts running securely.

and that data collection and use can be initialized without compromise in privacy.

Written by: Suchitra Srinivasan

Reviewed by: Batta Pruthvi

Leave a Comment

Your email address will not be published. Required fields are marked *