The Internet of Things (IoT) is a network of interconnected devices and systems, which enable today’s smart ecosystems. IoT enables you to create smart homes, as well as smart office and city environments. Unfortunately, while IoT carries many advantages, poor cyber security practices have created a highly breachable ecosystem.
In this article, you will learn:
To understand the sort of cyber threats that IoT devices and deployments face, it’s helpful to learn about some of the most notable exploits.
1. WiFi firmware bug
This bug affected the Marvell Avastar 88W8897 chipset, deployed in a range of devices including smartphones, Samsung Chromebooks, Xbox One, and PlayStation 4. This vulnerability, discovered in 2019, exploits the chipset’s firmware and enables attackers to execute malicious code without user interaction. Patches have since been released.
2. Silex malware
Inspired by BrickerBot, this malware infected IoT devices and “bricked” the device, causing it to be inoperable. This was accomplished by destroying infected devices’ storage, deleting network configurations, dropping firewall rules, and stopping the device. To correct the issue, device owners have to manually reinstall device hardware which is often more complicated than owners are capable of.
3. Bluetooth exploit
Discovered in July 2019 in the Bluetooth protocol, this exploit enabled attackers to track users and leak ID data. This exploit impacted Windows 10, iOS, and macOS users. This exploit was addressed in May of the same year but many devices were not updated.
4. Spying through smart assistants
Multiple exploits against smart home devices, such as Alexa and Google Home were discovered in 2018. These exploits enabled attackers to use devices to eavesdrop on users and to phish for confidential information. Multiple patches have been deployed but new exploits keep being discovered.
IoT exploits, like those introduced above, stem from a range of vulnerabilities and implementation challenges.
1. Lack of physical hardening
Since IoT devices are often remotely deployed, physical hardening is a serious concern. Devices exposed to the public without security precautions can be manually tampered with or stolen. When implementing physical hardening you should take note of how identifiable and accessible devices are. You should also ensure that any external ports are disabled.
2. Botnet attacks
The creation of a botnet is a common goal for attackers aiming to exploit IoT devices. Botnets are effectively armies of compromised machines that can be used to carry out attacks on other systems. To prevent IoT devices from being used as bots you need to ensure that devices are routinely patched and that traffic is monitored for abnormal behavior.
3. No visibility
The distributed nature of IoT devices combined with possible frequent connections and disconnections from a network can make devices hard to monitor. Without visibility of your devices, you cannot detect or respond to suspicious events. Because of this, ensuring visibility with automated device discovery features is critical.
4. Industrial espionage and eavesdropping
IoT devices can be extensive sources of information for attackers, particularly those with camera or audio feeds. Because of this, you need to be especially careful to protect devices with access to sensitive information. One method for this is to ensure that feeds are encrypted whenever possible.
5. Lack of encryption
Encryption is a powerful tool for keeping data secure but can be challenging to implement on IoT devices. This is because many devices do not have the processing or storage capabilities required for strong encryption. This means that attackers may be able to manipulate encryption algorithms or break encryption keys.
IoT devices may seem like a significant security risk. However, there are several best practices you can employ to reduce IoT security risk and ensure that your system remains secure.
1. Use security analytics
IoT security analytics involve the collection, correlation, and analysis of data from across your data sources. This information is then used to visualize IoT activity, identify suspicious events, and respond to possible threats.
When collecting security analytics information it is important to monitor IoT gateways as well as sensor CPU activity, and in-memory processes. This data can then be combined to provide context for a device's activity and ensure that only approved events occur.
2. Contextual Vulnerability Assessment
Exploits of vulnerabilities are a main entry point to IoT devices. These might be a library allowing code injection that wasn’t patched, hardcoded credentials, or a weak encryption key in a protocol. Performing continuous monitoring of a device’s security posture is crucial, and can be achieved by contextual vulnerability analysis.
Gaining control of the devices SBOM (Software Bill Of Material) is the key success factor of running such a program and a path to maturity of your product’s security while staying one step ahead of the adversaries.
3. Create visibility
When working with IoT devices, your IT team should adopt dedicated visibility tools. For example, network access controls (NACs) and detailed inventories of all possible endpoints on your network. These inventories should be automatically updated as devices are added or dropped and should retain a history of inactive devices. Additionally, access controls should be automatically applied whenever a device connection is made to ensure security without impeding productivity.
4. Implement segmentation
Segmentation involves isolating system components and layering security measures to ensure that sensitive data and systems remain protected. By segmenting your network you can reduce opportunities for attackers to traverse components laterally and restrict vulnerabilities to individual devices.
When segmenting IoT devices, you may find it helpful to segment by categories. For example, infrastructural, data-collecting, or user endpoints. Then, based on the requirements or purpose of each endpoint you can assign network policies that properly prevent unauthorized access.
5. Ensure protected communications
All communications between your devices and your network or your users should be protected. Protected connections help ensure that data isn’t intercepted or modified by attackers.
To ensure this protection, you should implement the strongest possible encryption you can. For example, AES 128 or AES 256. You should also ensure that your encryption keys are not hard coded and that keys are rotated periodically.
6. Ensure device authentication
Device authentication measures can also help you protect your IoT endpoints. These measures can include biometrics, multi-factor authentication, or digital certificates where x.509 is commonly used. With authentication, you can ensure that attackers are unable to access device information even when the device itself is physically available.
When it comes to best practices the identity of the device is kept in “hardware root of trust” such as TPM (Trusted Platform Module) or “secure enclave” of processor named TEE (Trusted Execution Environment).
IoT security challenges are turning IoT into a risk factor not all organizations can handle. Lack of physical hardening and encryption, coupled with practically zero visibility, create a massive amount of exploits. Threat actors often launch botnet attacks for the sole purpose of identifying IoT exploits. They can then use breached IoT for industrial espionage and eavesdropping.
To protect your systems against IoT attacks, you can create visibility, implement segmentation, and use security analytics. To ensure IoT communication and IoT devices are protected, you should also implement encryption and authentication at the network level, as well as at the endpoint level.
September 5, 2023
Unlocking the Potential: How SBOM Practices Revolutionize Tech IndustriesRead More →
August 15, 2023
We recently saw the publication of the National Cybersecurity Strategy Implementation Plan (NCSIP)Read More →
June 1, 2023
Last month I wrote about using a Software Bill of Material (SBOM) as a valuable tool for managing cybersecurity risk.Read More →