IoT security challenges
The Amazon-owned company Ring has earned a notorious reputation for itself in recent years: first for accidentally revealing user data to both Facebook and Google via third-party trackers embedded in its Android application, and second for an IoT security breach in which cybercriminals hacked into connected doorbell and home monitoring systems installed by several families.
By using a variety of weak, recycled, and default credentials, hackers were able to access live feeds from the cameras around customers’ homes and were even able to communicate remotely using the devices’ integrated microphones and speakers. In fact, more than 30 people in 15 families reported that hackers were verbally harassing them.
In another incident, research submitted to the FDA found that St. Jude Medical’s implantable cardiac devices have vulnerabilities. If hackers were able to gain access, they could deplete the battery or administer incorrect pacing or shocks.
Thankfully no patients have been harmed and St. Jude has solved the problem by developing a software patch to fix the issue that occurred in the device’s transmitter.
These two stories provide substantial evidence to show that IoT security challenges and issues are bound to arise as IoT adoption booms. That being said, let us dive right in and explore the top IoT security challenges, as well as the defence protocols to tackle them.
Top IoT security challenges
Lack of compliance on the part of IoT manufacturers: New IoT devices come out daily with undiscovered vulnerabilities. The primary reason behind this is simple: manufacturers do not spend enough time and resources on security.
For example, most fitness trackers with Bluetooth remain visible after the first pairing, smart refrigerators can expose Gmail login credentials, and a smart fingerprint padlock can be accessed using a Bluetooth key that has the same MAC address as the padlock device.
While there is a lack of universal IoT security standards, manufacturers will continue to create devices with poor security. The following are some security risks in IoT devices from manufacturers:
- Weak, guessable, or hard-coded passwords
- Hardware issues
- Lack of a secure update mechanism
- Old and unpatched embedded operating systems and software
- Insecure data transfer and storage
There’s no magic pill to solve this problem. Source your IoT devices from a trusted manufacturer, who pays special attention to security.
Botnet attacks: To perform a botnet attack, a hacker creates an army of bots by infecting them with malware, and directs them to send thousands of requests per second to bring down the target.
Unfortunately, IoT devices are highly vulnerable to malware attacks and do not have the regular software security updates that a computer has. Much of the uproar about IoT security began after the Mirai bot attack in 2016.
In multiple DDoS (Distributed Denial of Service) attacks, hundreds of thousands of IP cameras, NAS devices, and home routers were infected and directed to bring down the DNS that provided services to platforms like GitHub, Twitter, Reddit, Netflix, and Airbnb.
What is more, a botnet can pose a security threat for electrical grids, manufacturing plants, transportation systems, and water treatment facilities, which can threaten big groups of people. For example, a hacker could trigger a cooling and heating system at the same time, creating spikes on the power grid; in case of a big-scale attack, hackers can create a nationwide power outage.
Network managers can use adapted IoT Identity and Access Management solutions to access a wide range of device authentication features, and reduce IoT attack exposure.
Two-factor authentication, multi-factor authentication, biometric authentication, etc. ensure that no one can get unauthorized access to the connected devices.
Lack of regular patches and updates: IoT products are developed with ease of use and security in mind. They may be secure at the time of purchase but become vulnerable when hackers find new security issues or bugs.
If they are not fixed with regular updates, the IoT devices become exposed over time.
Responsible manufacturers should go the extra mile to fully secure the embedded software or firmware built into their devices. They must release security updates for their IoT devices when vulnerabilities are discovered.
Insufficient data protection: The most frequent security concerns in the data security of IoT applications are due to insecure communications and data storage.
One of the significant challenges for IoT privacy and security is that compromised devices can be used to access confidential data.
In 2017, researchers from Darktrace revealed that they had discovered a sophisticated attack on an unnamed casino.
The cyber hackers accessed a database of high rollers by accessing the network through a thermostat attached to a fish tank. Once they got a foothold in the network, they extracted about 10 GB worth of data.
Cryptography is an effective remedy to this problem. Data encryption prevents data visibility in the case of unauthorized access or theft. It is commonly used to protect data in motion and is increasingly being utilized to protect data at rest.
Poor IoT device management: A study published in July 2020 analyzed over 5 million IoT, IoMT (Internet of Medical Things), and unmanaged connected devices in healthcare, retail, manufacturing and life sciences.
It revealed a stunning range of vulnerabilities across a diverse set of connected objects: shadow IoT (devices in active use without IT’s knowledge), compliance violations, and defective and risky medical devices as identified by the US Food and Drug Administration.
Ransomware gangs specifically target healthcare more than any other domain in the United States. It’s now, by far, the #1 healthcare breach root cause in the country:
- According to Health IT and security, ransomware attacks on healthcare providers rose by 350% in Q4 2019, and 560 healthcare providers fell victim to ransomware in 2020.
- A Check Point Research paper published at the end of 2020 showed that the average number of daily ransomware attacks increased by 50% in Q3 compared with H1 2020.
It’s a no-brainer, right?
The mix of old legacy systems and connected devices like patient monitors, ventilators, and thermostats with very poor security features is sometimes especially prone to attacks.
So, these criminals understand that stopping critical applications and holding patient data can put lives at risk and that these organizations are more likely to pay a ransom.
These vulnerabilities and IoT security threats can be radically reduced by implementing IoT device management platforms. They provide cutting-edge lifecycle management capabilities to deploy, monitor, maintain, manage and update IoT devices.
IoT device management platforms provide end-to-end security solutions and a holistic view of all devices to enable unified security.
These types of platforms can, for example, help improve asset provisioning, firmware upgrades, security patching, and alerting and reporting on specific metrics associated with IoT assets.
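The kind of check such a platform runs can be sketched as an audit of a device inventory against the manufacturer risks listed earlier, plus detection of shadow IoT. This is an added example, not code from any specific product; the record fields, the 180-day patch threshold, and the sample devices are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date

CLEARTEXT = {"telnet", "http", "ftp", "mqtt"}  # unencrypted management/data protocols
MAX_PATCH_AGE_DAYS = 180                       # assumed policy threshold

def audit(inventory, observed_macs, today):
    """Return (issues per device id, MACs seen on the network but not inventoried)."""
    cred_use = Counter(d["credential_id"] for d in inventory)
    findings = {}
    for d in inventory:
        issues = []
        if d["factory_default"]:
            issues.append("default credentials")
        if cred_use[d["credential_id"]] > 1:
            issues.append("credential reused across devices")
        if not d["signed_updates"]:
            issues.append("no secure update mechanism")
        if (today - d["last_patched"]).days > MAX_PATCH_AGE_DAYS:
            issues.append("firmware unpatched")
        exposed = sorted(CLEARTEXT & set(d["protocols"]))
        if exposed:
            issues.append("cleartext protocols: " + ", ".join(exposed))
        if issues:
            findings[d["id"]] = issues
    # Shadow IoT: hardware active on the network that IT has no record of.
    known = {d["mac"].lower() for d in inventory}
    shadow = sorted(m.lower() for m in observed_macs if m.lower() not in known)
    return findings, shadow

# Constructed sample inventory (hypothetical field names and values).
INVENTORY = [
    {"id": "cam-01", "mac": "02:00:00:00:00:01", "credential_id": "vault/default-cam",
     "factory_default": True, "signed_updates": False,
     "last_patched": date(2023, 1, 10), "protocols": ["telnet", "http"]},
    {"id": "thermostat-07", "mac": "02:00:00:00:00:02", "credential_id": "vault/hvac",
     "factory_default": False, "signed_updates": True,
     "last_patched": date(2024, 5, 20), "protocols": ["https", "mqtts"]},
    {"id": "monitor-12", "mac": "02:00:00:00:00:03", "credential_id": "vault/hvac",
     "factory_default": False, "signed_updates": True,
     "last_patched": date(2024, 6, 1), "protocols": ["https"]},
]
# Constructed list of MAC addresses seen on the network; the last one is unmanaged.
OBSERVED = ["02:00:00:00:00:01", "02:00:00:00:00:02",
            "02:00:00:00:00:03", "02:00:00:00:00:99"]

if __name__ == "__main__":
    findings, shadow = audit(INVENTORY, OBSERVED, today=date(2024, 7, 1))
    for dev, issues in findings.items():
        print(dev, "->", "; ".join(issues))
    print("shadow IoT:", shadow)
```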
Leverage expert collaborations to solve your IoT security risks
Handling IoT security is a mammoth task. As a top IoT app development company, Hakuna Matata’s team of experts perfectly understands the best practices to ensure successful risk assessment and mitigation.
We believe that security must be considered at the very beginning of the design process. Talk to us and figure out a custom security solution for your IoT landscape.