Jump to content
  • 0

Internet of Things Security Risks


Go to solution Solved by Mohamed Asif,

Internet of Things (IoT) is simply connecting all physical objects to the internet so that they can collect, communicate and exchange data. In more technical terms, it is an ever growing network of objects embedded with chips, softwares, sensors, transmitters or any device with an IP address that is connected to the internet. All these devices being connected to the internet, enable them to communicate among themselves making them accessible and controllable at touch of a few buttons or even voice commands. Cars, home appliances, lighting, wearable health devices, wrist watches, POS machines are some of the most common examples of physical objects being connected using IoT.

 

Internet of Things Security Risks is a broad term that encompasses the risks associated with connecting everything to the internet. Some of the most common elements of IoT security are confidentiality, integrity, availability, authentication, authorization, nonrepudiation etc.

 

An application-oriented question on the topic along with responses can be seen below. The best answer was provided by Mohamed Asif and Shashank Parihar.

 

Applause for all the respondents - Mohamed Asif, Nilesh Gham, Shashank Parihar

Question

Q 212. What are the security concerns with Internet of Things (IoT). Explanation with simple words and examples will be appreciated.  

 

Note for website visitors - Two questions are asked every week on this platform. One on Tuesday and the other on Friday.

Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0
  • Solution

IoT (Internet of Things) is connecting things (devices, appliances, utilities, objects, machines, etc.,) to the internet. 

 

Car gate/barrier opening automatically when you reach your home location;  
Air conditioner, washing machine, geyser, TV switching on and off based on the pattern/specification are some of the examples of IoT.

 

IoT-Security-D.jpg.bbafc716ee8792e1e71254cefbe3b5f4.jpg
 

According to a recent research, distribution of multipurpose RAT’s (Remote Access Tools) that affect IoT has doubled in recent years (6.5% in 2018, 12.2% in 2018) 
Source: Kaspersky Global Research and Analysis 

 

Security concerns of IoT:
As multiple devices are connected over the internet, there are possibilities that the information/data can fall into the wrong hands/hackers, results in misusing the data and ascending security concerns such as 

  • Data privacy 
  • Home security
  • Network hacking
  • Distributed Denial of Service attack 
  • Deliberate Radio Frequency jamming 
  • Extortion Losses
  • Theft of financial information/money

Simply to summarize losses could be Physical, digital, economical, psychological, reputation or social damages 

 

Quote

"IoT without security = Internet of Threats" - Stéphane Nappo (2018 Global CISO of the year)

 

There is a clear limitation of IoT Security - We can’t install antivirus in most of the IoT devices (smart TV, internet security cameras) as it does not have adequate computing power to run an antivirus program 
 

To overcome Security concerns on IoT, we could follow some of the best practices listed below,
Creating a strong password for the connected devices, encrypted, complex and not guessable viz., admin, 12345
Reset/Change password in regular frequency 
Not having the same password for all connected devices
Enabling notification for any intrusion / invasion to take rapid action (Intrusion prevention)
Frequently monitoring for suspicious/unusual activities (Anomaly detection) 
Regular application update from hardware vendors for improved security 
Selecting build-in security devices with embedded firmware for IoT connectivity 
 

IoT has great potential, doing due diligence before investing is wise.  

Link to post
Share on other sites
  • 0

One big advantage of IoT is----


1.     Useful in Monitoring – It provides an advantage of knowing things accurately which are well predicted in advance. With IoT, the quantity of supplies, consumption, energy used, distribution etc. gets collected easily.

2.    Useful in collecting data—since systems will be interconnected and used electronics and embedded systems, they will self-collect data ant there will not be data mismatch or data lost.

3.    Useful in analysing data—these systems will have self-diagnostics hence will analyse both structured and un-structured data. Manual digging into data and then analysing it will be relived.

4.    Useful in making decisions--- due to embedded systems these devices and systems will self-diagnose the faults/errors/ supply quantity, etc.

5.    High precision and accuracy—since machines will be preforming the activities themselves, hence the precision and accuracy will be very high.

 

The concept of IoT, self-diagnostic systems, use of Artificial Intelligence, Blockchain technology, Cognitive computing, Robotic process Automation, etc is a new concept for Industry 4.0, ‘Cyber-Physical-Systems”. The concept was first put forward in a meeting in Hanover in 2011, the German industries took the initiative to work forward in this regard.

 

Although there are several benefits of this technology but there are threats & challenges too like---

1. How to handle unstructured data, although we will be using Artificial intelligence for data capturing & analysing but it will require to train machine learning algorithms to make it better to handle such situations and perform intelligent analytics. AI is the future but world’s renowned theoretical physicist & cosmologist Professor Stevens Hawkins, once told to stay away from use of AI as it will pose a great danger to the human society one day!

 

2. Security concerns with wireless data--- IoT devices work using network connectivity. Since data will be transmitted through both wired and wireless medium, the concern is with wireless connectivity (Router, individual systems) as company’s data (cloud, Web-NAS; SAN), mobile data is very crucial and loss or theft of data will be very painful. IoT devices might be hacked and data might be subject to theft. They will have to implement better security features like 128-bit encryption, double-authentication & identification, etc. One of the pioneers in network technology has said “it is better to stay wired”.

 

3. Software updates--- IoT devices might develop lots of vulnerabilities from time to time, it will require to patch& update the system from the threats that pose a great danger due to loopholes in the software system like Operating system, internet security software (malware, ransomware), tracking cookies- they track your movement and send back the data & use pattern, etc.

 

4. Botnets attack--- since we will be using wireless & automated systems, transactions will also be in cryptocurrency (Blockchain technology). The IoT botnets might attack and gain access to the cryptocurrency which will be an ultimate loss to the business organization.

 

5. Other invasions—we use smart systems at home like smart LED TV’s, Amazon’s Alexa, Smart phone, medical devices, other communication devices, vital information systems, hackers might get control over these devices which are either non-standard or have some vulnerabilities and can play mischief with us like data theft (brute force attack, denial of service attack, Phishing attack-banking information, personnel information theft), data manipulation, etc. we can save ourselves by disabling universal plug & play feature in the devices, regularly update firmware. Being non-responsive & sensitive to messages and links. Put devices on guest network as it will not allow access to many features from where an intruder can gain easy access to your smart systems or you can create a separate network with user access control features.

 

6. Legal issues—there are lots of legal & regulatory issues with IoT. Legal liability for unintended use. Technologies have developed faster but the legal & regulatory standards have not come up with the intended pace so there might be conflict between law enforcement surveillance and civil rights. suppose you lost your phone and someone misutilises it then ultimately you will be penalized if you have not informed the concerned agency about the theft or lost. previously many Chinese mobile manufacturer's devices do not had IMEI numbers, so it became vulnerable to trace & track them. 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Who's Online (See full list)

    There are no registered users currently online

  • Forum Statistics

    • Total Topics
      2,855
    • Total Posts
      14,452
  • Member Statistics

    • Total Members
      55,016
    • Most Online
      888

    Newest Member
    Shantnu Kukreja
    Joined
×
×
  • Create New...