SlideShare a Scribd company logo

IoT, Security & the Path to a Solution

Dr Laurent Guiraud
Dr Laurent Guiraud
1 of 8
Download to read offline
IoT, Security & the Path to a Solution In October, internet users around the United States were flummoxed when they couldn’t access a number of their favorite sites—like Twitter, Netflix, Amazon, Spotify, and Reddit—for a good chunk of an entire day. No, the electricity didn’t go out; quite the contrary. It turned out that Dyn, a company that oversees a substantial amount of DNS infrastructure, was the target of a prolonged cyberattack. Here’s what happened: Dyn was hit with a distributed denial of service (DDoS) attack, which involves a group of infected devices called botnets overloading servers with traffic until they buckle under the volume and are knocked offline for an extended period of time. Here’s the catch: While botnets usually are made up of computers, the specific botnet responsible for this attack—called the Mirai botnet, a publicly available malware—is made up of Internet of Things (IoT) devices, like DVR machines, routers, and digital cameras. Since the attackers had so many different and unsuspecting devices to launch the attack from, it made it that much more difficult for Dyn to ward off the invaders and get its servers back online. It’s one thing for the average internet user to realize their laptop is being compromised. It’s quite another for them to think their connected washing machine is being used to stage cyberattacks. To date, the attack against Dyn was the largest DDoS attack that we know of. While in the past DDoS attacks were seen as annoyances because attackers couldn’t leverage that many machines at once, the rise of the IoT and the emergence of an innumerable amount of connected devices has made many systems incredibly more vulnerable to cyberattacks, as the Dyn incident demonstrated so clearly. While IoT devices ostensibly make life easier—think nanny cams, connected refrigerators, and smart home infrastructure—most IoT agents lack serious built-in security because, in an effort to gain market share in a highly competitive market, manufacturers rush their products out. As things stand now, security takes time. The attack on Dyn is just the tip of the iceberg. In the grand scheme of things, not that many connected devices were involved in the attack. According to Gartner, there are already 6.4 billion connected gadgets in the IoT ecosystem. Research projects there will be a whopping 50 billion connected devices by 2020. If hackers were able to do what they did to Dyn with a relatively small amount of devices, imagine the fury they could unleash by commandeering a substantial amount of them? The security of IoT devices—or more appropriately, the lack thereof—is a major issue. Most IoT devices have a false sense of security due to typical weak encryption, the use of default passwords (i.e., many devices across the IoT ecosystem can be accessed with the same password), and the lack of update capabilities. For example, one recent study of 4,000 different
devices revealed that there were only 580 unique keys protecting them. Gain access to one device, and sooner or later you’ll gain access to another with the same key. These security flaws are frightening, to say the least. But, despite the limited murmurs from Silicon Valley indicating there’s a concern, is there really a path to a solution? What can the tech community do to prevent cyberattacks like the one that crippled Dyn from happening again? The State of IoT & Security If we really want to grow the IoT market, we need to get rid of the increasing security and privacy issues that are built into it. It’s that simple. As things stand now, there’s a lot of optimism with respect to the future of the IoT market. Not only does the IoT promise convenience in our personal lives and increased efficiencies in the business world, pundits believe the technology will have a profoundly positive impact on the economy, too. According to IDC, the Internet of Things market will eclipse $1.7 trillion by 2020— quite the uptick from the $655.8 billion the market hauled in during 2014. Despite that traction, the security threat will be growing faster than the market with each new additional advice added to the mix. If we want to realize the true benefits that the IoT promises, we can’t allow that to happen. Every device—from the most inconsequential to the most important—needs formidable security. When you use your laptop or mobile device, you’re constantly monitoring it to make sure it’s working as it’s designed to work. IoT devices are quite different. Once you install your smart refrigerator, you generally don’t tend to check up on it periodically to make sure that it’s still connected to the internet and working as designed. Really, all you care about is that it keeps your food cold. Because IoT devices are left alone once they’re installed, no one is looking after them—except for the hackers that are ready to take control of them. Though the technology promises to be transformative, the IoT has gotten a lot of bad press over the years. Remember the Target hack of 2013? Intruders initially breached Target’s system by gaining access through a third-party refrigeration, heating, and air-conditioning subcontractor. Because someone hacked their refrigeration system, the mega-retailer was eventually forced to fork over upwards of $162 million to settle the issue. Should these kinds of problems keep occurring, the market may very well collapse by itself as people—and businesses—stop trusting IoT devices altogether. Of course, we are still quite far from that tipping point, as people, for the most part, are not that privacy- or security-conscious. (Just think about how much personal information your friends and family members share on Facebook.) Beyond that, most IoT devices are “imposed” on us as part of other devices (e.g., a smart coffee maker) and are seen as inevitable. But things can certainly change if major breaches continue to occur.
Keep in mind that, according to security expert Bruce Schneier, there are three ways hackers can cause problems with data: ● Confidentiality. By accessing your private data, your secrets can be aired out in the open. The Ashley Madison hack showed up how the loss of confidentiality can affect owners of data. ● Integrity. Hackers can alter your data—making it appear you were somewhere when you weren’t or you said something that you didn’t. ● Availability. Attackers can also prevent you from accessing or controlling your devices. Imagine a hacker gaining control of your connected car’s control mechanisms, leaving you unable to steer or brake. While we’ve seen what happens when data confidentiality is compromised, there haven’t been as many well-publicized and harmful infractions against data or device integrity and data or device availability. That may change soon. Still, security issues still play a major role in the IoT market nonetheless. If we want to realize the true potential of the IoT, it’s now or never that we figure out how to improve the security of all connected devices. Because most IoT devices are early generation and have short lives, there is still time to consider the issue seriously. But as IoT devices assume more and more responsibility, performing more and more critical functions when it comes to running our houses, production plants, hospitals, and health monitoring devices, among other things, we will soon reach a point of no return where the issue won’t be manageable. For that reason, it is imperative that device makers and members of the IoT community solve this problem quickly. Otherwise, we may miss out on many game-changing technologies as consumers look for more secure alternatives. The October DDoS Attack: How Much Security Do We Have? According to a summary of the October attack, 100,000 Mirai-infected IoT devices were involved in the DDoS assault on Dyn’s servers. Attack rates as high as 1.2 Tbps were reported—which is quite significant, as most sites are unable to handle rates higher than 10 Gbps (large companies would have a hard time handling 100 Gbps). Some security researchers believe the hackers—having access to as many as 500,000 compromised devices—were actually taking it easy on Dyn. While the Dyn attack is not the first hack through the IoT nor the first DDoS attack—the same method was used to knock France-based hosting provider OVH offline in September—it’s visibility was much larger because it disrupted a key DNS service that provides IP address
lookup functionality for major websites. Amazon Web Services (AWS), for example, hosts many key services, including Netflix. What’s more, the assault on Dyn’s servers gained exposure because of its simplicity. The intruders used the publicly available malware Mirai, after all. At the time of the attack, analysts estimated that 1.2 million IoT devices were infected with the Mirai botnet, though only about 166,000 of those devices were active. This is an interesting kernel of information to say the least. It suggests that most of the devices in the IoT ecosystem today are gadgets that have short lifespans. After consumers get the most out of them, they either break or a newer version comes out. Then it’s on to the next. Of course, this will change in the future as more and more devices assume critical roles and people can’t live without them, both figuratively and literally. While most of the security issues inherent in IoT devices are unknown by the general public, the IT world is aware of the weaknesses many of the gadgets have. Some of the security issues found in the IoT ecosystem are as follows: ● For the most part, IoT devices aren’t under 24/7 monitoring. In addition to someone being able to physically change an unattended device, there’s also the risk of malware being installed on one—which could steal data and change programming. Believe it or not, HP says 70% of IoT gadgets are susceptible to hacking and there is an average of 25 vulnerabilities on each device. ● In an effort to get their products to market as quickly as possible, a number of IoT device manufacturers don’t even add encryption to their products. For example, one connected car startup was found to not have encrypted communications sent from the car to the server. If a bad actor were to intercept that data, there could be serious consequences up to and including commandeering the vehicle. ● A new startup might put out a great IoT gadget. Over time, the startup can either go bankrupt or be acquired by another company. Should that happen, there might not be anyone around who’s thinking about the security of each device the startup used to make. This could lead to severe vulnerabilities in devices that a handful of users depend upon. Despite the awareness of the IT community, at this point no one has come up with a path or a solution that would be easily acceptable and deployed by all organizations in the IoT world, e.g., an ISO standard or a certification. As it stands now, IoT devices have to comply with hardware and network security standards—you can’t sell something that might catch on fire by overheating or something that would interfere with a pacemaker’s signal, for example. But when it comes to security and privacy, it’s the Wild West.
The key issue is that infected IoT devices on their own might not cause any direct harm. But when they work in a network environment, their behavior can be quite disastrous. For example, imagine your connected thermostat increasing the temperature as high as it can go while locking your doors and windows. Or maybe your connected refrigerator gets compromised and an intruder raises the temperature to the point all your food spoils. Worse yet, imagine your smart door lock is hacked, enabling culprits to physically enter your home while you’re at work. The possibilities are truly endless, especially as more and more devices enter the market. On the upside, there have been some initiatives proposed by groups focusing on fixing the problem before it spirals out of control. For example, the Broadband Technical Advisory Group (BITAG) suggests that manufacturers ship devices with up-to-date software while also following best practices for encryption. The group also wants to ensure there’s an easy way for users to notify manufacturers of any bugs or vulnerabilities they may notice while using the product. That way, problems could be addressed right away. BITAG has some more recommendations, too. But unfortunately, it’s not a regulatory body, so the group has no real power. Will industry players acquiesce? As mentioned previously in this ebook, not only do device manufacturers and IT technicians need to protect the IoT devices and technologies that are already out there, they have to figure out how to secure the information and data that’s being transmitted. Once the data and the devices are out in the world, they are no longer protected. For these reasons, we need to act now before too many devices are out there with no protection at all—which could kill the IoT prematurely. A Few Possible Solutions Who knows what the cybersecurity community will ultimately agree needs to be done in order to ensure the confidentiality, integrity, and availability of data and devices in the IoT ecosystem. But one thing is certain: We must act, quickly, if we wish to see the full potential of IoT technology. From hardcoded passwords that can’t be changed to security credentials that have never been changed to reused security keys across multiple devices, it appears as though IoT device manufacturers are violating every basic security practice. And the worst part about it is that unlike smartphones, tablets, and laptops, once IoT devices are out in the world, they cannot be updated (for the time being, anyway). Before we can solve the problem, we first need to recognize the scale of the issue and understand that we need to act differently at different levels of the ecosystem: ● At the user level, it’s all about education. Users need to be aware of the multitude of IoT devices they have as well as the status of each device and any potential issues. As such, all IoT devices should have a unique identifier with a central repository where their
status can be checked. Users should also be encouraged to register their devices in order to receive security bulletins and, potentially, patches down the line. ● At the hardware level, a kill switch should be available that can quickly disable a device. This way, users can be sure that in the event they suspect their devices may be compromised, they can shut them off immediately. Furthermore, devices that have no activity over long periods of time should be disconnected from the network. ● At the network level, it might be time for a new type of technology altogether. IoT devices are highly distributed data nodes that constantly exchange information in hubs or mesh networks, connected to the cloud or not. All of these different combinations make it difficult to understand who or which entity to trust in terms of data security and access to the device. The good news is that one technology has been invented for the use case where there is no central authority that can be trusted: blockchain, the highly decentralized and distributed ledger. Blockchain technology already powers cryptocurrencies like Bitcoin and Ethereum. As more and more IoT devices become part of the ecosystem, blockchain technology can enable specific gadgets to connect to one another securely, with authentication, without the need for a central authority to monitor and facilitate the connections. Already, there have been some initial efforts to adapt blockchain technology to IoT devices. Companies like Filament and IOTA have made inroads into the space. These companies are still in the early stages, but they are pursuing what is likely one of the only paths to ensure proper security throughout the IoT ecosystem. Steps to More Security in the IoT Market As we’ve seen, there are a few paths that lead to securing the IoT. But the question still remains: How can we put blockchain technology in place in a coherent, simple, and organized way? Should we take a platform-centric approach, giving control of overall end-to-end security to the platforms themselves? There are already some manufacturers moving in this direction, like: ● BlackBerry. The company that once was a major player in the phone market is transitioning to an enterprise software company. It recently introduced BlackBerry Secure, an “Enterprise of Things” management platform, which controls things like calendars, emails, contacts, apps, and secure file-sharing tools, among other things. ● Amazon. For a company that sells seemingly everything, it was only a matter of time before Amazon got involved in the computing space. After establishing Amazon Web Services (AWS) as a dominant cloud computing force, Amazon’s kept expanding its
computing offerings. Now, the company has an IoT platform that enables users to connect to AWS and their gadgets, ensuring secure data transfers and granting the ability to manage devices—even when they’re offline. ● Azure. Unsurprisingly, Microsoft has built its own IoT suite as well. The Azure IoT solution professes to enable businesses to capture and analyze data that would otherwise go unnoticed—thereby enabling them to become markedly more efficient. The platform also allows companies to get the peace of mind that comes with knowing their devices can be monitored and updated. While these developments are certainly reassuring for developers and manufacturers, there’s no way for the average end user to understand it—or even be aware of it. What’s more, the platform-centric approach also implies a web of complex partnerships. Imagine you’re trying to use Amazon’s Alexa to switch your Philips Hue lights on and off. In such a scenario, how can you be sure of which platform you’re using for the activated voice service and which one you’re using for the IoT component? What happens when you buy a gadget from Amazon’s universe and want to use it on an Azure-powered network? Should IoT security be embedded in the device and independent of the platform? Should platforms agree on a standard—and device manufacturers forced to build within it? Should the platform-centric approach be the one we take? Can blockchain technology protect the IoT—and allow it to flourish? There are a lot of questions left to ask. And their answers will invariably lead to even more questions. But because of the promises the IoT delivers, it is imperative that we figure out a way to provide a fully secure and transparent IoT ecosystem. The possibilities—from personal, professional, consumer, and business perspectives—are endless.

Recommended

beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
All The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected DevicesAll The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected DevicesJohn D. Johnson
 
IOT Security - ICCT College of Engineering
IOT Security - ICCT College of EngineeringIOT Security - ICCT College of Engineering
IOT Security - ICCT College of EngineeringPotato
 
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...ijcsit
 
IoT and the industrial Internet of Things - june 20 2019
IoT and the industrial Internet of Things - june 20 2019IoT and the industrial Internet of Things - june 20 2019
IoT and the industrial Internet of Things - june 20 2019John D. Johnson
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 
Unauthorized Access Detection in IoT using Canary Token Algorithm
Unauthorized Access Detection in IoT using Canary Token AlgorithmUnauthorized Access Detection in IoT using Canary Token Algorithm
Unauthorized Access Detection in IoT using Canary Token AlgorithmIJSRED
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)SecPod Technologies
 

Recommended

beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
All The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected DevicesAll The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected DevicesJohn D. Johnson
 
IOT Security - ICCT College of Engineering
IOT Security - ICCT College of EngineeringIOT Security - ICCT College of Engineering
IOT Security - ICCT College of EngineeringPotato
 
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...ijcsit
 
IoT and the industrial Internet of Things - june 20 2019
IoT and the industrial Internet of Things - june 20 2019IoT and the industrial Internet of Things - june 20 2019
IoT and the industrial Internet of Things - june 20 2019John D. Johnson
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 
Unauthorized Access Detection in IoT using Canary Token Algorithm
Unauthorized Access Detection in IoT using Canary Token AlgorithmUnauthorized Access Detection in IoT using Canary Token Algorithm
Unauthorized Access Detection in IoT using Canary Token AlgorithmIJSRED
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)SecPod Technologies
 
Your Smart Devices Could Be Killing You!
Your Smart Devices Could Be Killing You!Your Smart Devices Could Be Killing You!
Your Smart Devices Could Be Killing You!Robin M Austin
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.Spiceworks Ziff Davis
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]Sharpe Smith
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkClearnetwork
 
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) Ahmed Banafa
 
Security Architecture for Small Branch and IoT
Security Architecture for Small Branch and IoTSecurity Architecture for Small Branch and IoT
Security Architecture for Small Branch and IoTBarcoding, Inc.
 
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Sudha Jamthe
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
Four essential truths of the IoT
Four essential truths of the IoTFour essential truths of the IoT
Four essential truths of the IoTW. David Stephenson
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT Ahmed Banafa
 
Intel and the Internet of Things
Intel and the Internet of ThingsIntel and the Internet of Things
Intel and the Internet of ThingsDaren Dunkel
 
4 principles to get full benefit of the Internet of Things
4 principles to get full benefit of the Internet of Things4 principles to get full benefit of the Internet of Things
4 principles to get full benefit of the Internet of ThingsW. David Stephenson
 
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsInternet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsCraig Walker, CISSP
 
IoT and Blockchain Convergence
IoT and Blockchain ConvergenceIoT and Blockchain Convergence
IoT and Blockchain ConvergenceAhmed Banafa
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTSKS
 
Keeping IT in Control of Mac in the Enterprise
Keeping IT in Control of Mac in the EnterpriseKeeping IT in Control of Mac in the Enterprise
Keeping IT in Control of Mac in the EnterpriseParallels Inc
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 

More Related Content

What's hot

Your Smart Devices Could Be Killing You!
Your Smart Devices Could Be Killing You!Your Smart Devices Could Be Killing You!
Your Smart Devices Could Be Killing You!Robin M Austin
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.Spiceworks Ziff Davis
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]Sharpe Smith
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkClearnetwork
 
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) Ahmed Banafa
 
Security Architecture for Small Branch and IoT
Security Architecture for Small Branch and IoTSecurity Architecture for Small Branch and IoT
Security Architecture for Small Branch and IoTBarcoding, Inc.
 
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Sudha Jamthe
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
Four essential truths of the IoT
Four essential truths of the IoTFour essential truths of the IoT
Four essential truths of the IoTW. David Stephenson
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT Ahmed Banafa
 
Intel and the Internet of Things
Intel and the Internet of ThingsIntel and the Internet of Things
Intel and the Internet of ThingsDaren Dunkel
 
4 principles to get full benefit of the Internet of Things
4 principles to get full benefit of the Internet of Things4 principles to get full benefit of the Internet of Things
4 principles to get full benefit of the Internet of ThingsW. David Stephenson
 
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsInternet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsCraig Walker, CISSP
 
IoT and Blockchain Convergence
IoT and Blockchain ConvergenceIoT and Blockchain Convergence
IoT and Blockchain ConvergenceAhmed Banafa
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTSKS
 

What's hot (20)

Your Smart Devices Could Be Killing You!
Your Smart Devices Could Be Killing You!Your Smart Devices Could Be Killing You!
Your Smart Devices Could Be Killing You!
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.The Devices are Coming! How the “Internet of Things” will affect IT.
The Devices are Coming! How the “Internet of Things” will affect IT.
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by Clearnetwork
 
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference ) New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference )
 
Security Architecture for Small Branch and IoT
Security Architecture for Small Branch and IoTSecurity Architecture for Small Branch and IoT
Security Architecture for Small Branch and IoT
 
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
Jan 2018: IoT trends in silicon valley keynote at consumer electronics forum ...
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issues
 
Four essential truths of the IoT
Four essential truths of the IoTFour essential truths of the IoT
Four essential truths of the IoT
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT
 
Intel and the Internet of Things
Intel and the Internet of ThingsIntel and the Internet of Things
Intel and the Internet of Things
 
4 principles to get full benefit of the Internet of Things
4 principles to get full benefit of the Internet of Things4 principles to get full benefit of the Internet of Things
4 principles to get full benefit of the Internet of Things
 
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsInternet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
 
IoT and Blockchain Convergence
IoT and Blockchain ConvergenceIoT and Blockchain Convergence
IoT and Blockchain Convergence
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
 

Viewers also liked

Keeping IT in Control of Mac in the Enterprise
Keeping IT in Control of Mac in the EnterpriseKeeping IT in Control of Mac in the Enterprise
Keeping IT in Control of Mac in the EnterpriseParallels Inc
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The InternetCarl J. Levine
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersAdam Englander
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)Amazon Web Services
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Amazon Web Services
 
Social Networking Presentation
Social Networking PresentationSocial Networking Presentation
Social Networking PresentationAnusorn Kansap
 

Viewers also liked (9)

Keeping IT in Control of Mac in the Enterprise
Keeping IT in Control of Mac in the EnterpriseKeeping IT in Control of Mac in the Enterprise
Keeping IT in Control of Mac in the Enterprise
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The Internet
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net Builders
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Social Networking Presentation
Social Networking PresentationSocial Networking Presentation
Social Networking Presentation
 

Similar to IoT, Security & the Path to a Solution

Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxvoversbyobersby
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxmariuse18nolet
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxtjane3
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxlmelaine
 
Personal data breaches and securing IoT devices· By Damon Culber.docx
Personal data breaches and securing IoT devices· By Damon Culber.docxPersonal data breaches and securing IoT devices· By Damon Culber.docx
Personal data breaches and securing IoT devices· By Damon Culber.docxherbertwilson5999
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxvrickens
 
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksSIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksIJECEIAES
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyEricsson
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
A Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxA Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxTurboAnchor
 
Ethical, Legal and Social issues IoT
Ethical, Legal and Social issues IoTEthical, Legal and Social issues IoT
Ethical, Legal and Social issues IoTLuckeylama
 
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...AIRCC Publishing Corporation
 
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...AIRCC Publishing Corporation
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
The Internet Of Things ( Iot And The Internet
The Internet Of Things ( Iot And The InternetThe Internet Of Things ( Iot And The Internet
The Internet Of Things ( Iot And The InternetMichelle Singh
 
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTvishal dineshkumar soni
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...IndianAppDevelopers
 

Similar to IoT, Security & the Path to a Solution (20)

Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Personal data breaches and securing IoT devices· By Damon Culber.docx
Personal data breaches and securing IoT devices· By Damon Culber.docxPersonal data breaches and securing IoT devices· By Damon Culber.docx
Personal data breaches and securing IoT devices· By Damon Culber.docx
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacksSIEM-based detection and mitigation of IoT-botnet DDoS attacks
SIEM-based detection and mitigation of IoT-botnet DDoS attacks
 
iot ppt.pptx
iot ppt.pptxiot ppt.pptx
iot ppt.pptx
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Things
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked Society
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot security
 
A Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxA Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptx
 
Ethical, Legal and Social issues IoT
Ethical, Legal and Social issues IoTEthical, Legal and Social issues IoT
Ethical, Legal and Social issues IoT
 
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
 
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compr...
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
The Internet Of Things ( Iot And The Internet
The Internet Of Things ( Iot And The InternetThe Internet Of Things ( Iot And The Internet
The Internet Of Things ( Iot And The Internet
 
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
 

IoT, Security & the Path to a Solution

  • 1.
  • 2. IoT, Security & the Path to a Solution In October, internet users around the United States were flummoxed when they couldn’t access a number of their favorite sites—like Twitter, Netflix, Amazon, Spotify, and Reddit—for a good chunk of an entire day. No, the electricity didn’t go out; quite the contrary. It turned out that Dyn, a company that oversees a substantial amount of DNS infrastructure, was the target of a prolonged cyberattack. Here’s what happened: Dyn was hit with a distributed denial of service (DDoS) attack, which involves a group of infected devices called botnets overloading servers with traffic until they buckle under the volume and are knocked offline for an extended period of time. Here’s the catch: While botnets usually are made up of computers, the specific botnet responsible for this attack—called the Mirai botnet, a publicly available malware—is made up of Internet of Things (IoT) devices, like DVR machines, routers, and digital cameras. Since the attackers had so many different and unsuspecting devices to launch the attack from, it made it that much more difficult for Dyn to ward off the invaders and get its servers back online. It’s one thing for the average internet user to realize their laptop is being compromised. It’s quite another for them to think their connected washing machine is being used to stage cyberattacks. To date, the attack against Dyn was the largest DDoS attack that we know of. While in the past DDoS attacks were seen as annoyances because attackers couldn’t leverage that many machines at once, the rise of the IoT and the emergence of an innumerable amount of connected devices has made many systems incredibly more vulnerable to cyberattacks, as the Dyn incident demonstrated so clearly. While IoT devices ostensibly make life easier—think nanny cams, connected refrigerators, and smart home infrastructure—most IoT agents lack serious built-in security because, in an effort to gain market share in a highly competitive market, manufacturers rush their products out. As things stand now, security takes time. The attack on Dyn is just the tip of the iceberg. In the grand scheme of things, not that many connected devices were involved in the attack. According to Gartner, there are already 6.4 billion connected gadgets in the IoT ecosystem. Research projects there will be a whopping 50 billion connected devices by 2020. If hackers were able to do what they did to Dyn with a relatively small amount of devices, imagine the fury they could unleash by commandeering a substantial amount of them? The security of IoT devices—or more appropriately, the lack thereof—is a major issue. Most IoT devices have a false sense of security due to typical weak encryption, the use of default passwords (i.e., many devices across the IoT ecosystem can be accessed with the same password), and the lack of update capabilities. For example, one recent study of 4,000 different
  • 3. devices revealed that there were only 580 unique keys protecting them. Gain access to one device, and sooner or later you’ll gain access to another with the same key. These security flaws are frightening, to say the least. But, despite the limited murmurs from Silicon Valley indicating there’s a concern, is there really a path to a solution? What can the tech community do to prevent cyberattacks like the one that crippled Dyn from happening again? The State of IoT & Security If we really want to grow the IoT market, we need to get rid of the increasing security and privacy issues that are built into it. It’s that simple. As things stand now, there’s a lot of optimism with respect to the future of the IoT market. Not only does the IoT promise convenience in our personal lives and increased efficiencies in the business world, pundits believe the technology will have a profoundly positive impact on the economy, too. According to IDC, the Internet of Things market will eclipse $1.7 trillion by 2020— quite the uptick from the $655.8 billion the market hauled in during 2014. Despite that traction, the security threat will be growing faster than the market with each new additional advice added to the mix. If we want to realize the true benefits that the IoT promises, we can’t allow that to happen. Every device—from the most inconsequential to the most important—needs formidable security. When you use your laptop or mobile device, you’re constantly monitoring it to make sure it’s working as it’s designed to work. IoT devices are quite different. Once you install your smart refrigerator, you generally don’t tend to check up on it periodically to make sure that it’s still connected to the internet and working as designed. Really, all you care about is that it keeps your food cold. Because IoT devices are left alone once they’re installed, no one is looking after them—except for the hackers that are ready to take control of them. Though the technology promises to be transformative, the IoT has gotten a lot of bad press over the years. Remember the Target hack of 2013? Intruders initially breached Target’s system by gaining access through a third-party refrigeration, heating, and air-conditioning subcontractor. Because someone hacked their refrigeration system, the mega-retailer was eventually forced to fork over upwards of $162 million to settle the issue. Should these kinds of problems keep occurring, the market may very well collapse by itself as people—and businesses—stop trusting IoT devices altogether. Of course, we are still quite far from that tipping point, as people, for the most part, are not that privacy- or security-conscious. (Just think about how much personal information your friends and family members share on Facebook.) Beyond that, most IoT devices are “imposed” on us as part of other devices (e.g., a smart coffee maker) and are seen as inevitable. But things can certainly change if major breaches continue to occur.
  • 4. Keep in mind that, according to security expert Bruce Schneier, there are three ways hackers can cause problems with data: ● Confidentiality. By accessing your private data, your secrets can be aired out in the open. The Ashley Madison hack showed up how the loss of confidentiality can affect owners of data. ● Integrity. Hackers can alter your data—making it appear you were somewhere when you weren’t or you said something that you didn’t. ● Availability. Attackers can also prevent you from accessing or controlling your devices. Imagine a hacker gaining control of your connected car’s control mechanisms, leaving you unable to steer or brake. While we’ve seen what happens when data confidentiality is compromised, there haven’t been as many well-publicized and harmful infractions against data or device integrity and data or device availability. That may change soon. Still, security issues still play a major role in the IoT market nonetheless. If we want to realize the true potential of the IoT, it’s now or never that we figure out how to improve the security of all connected devices. Because most IoT devices are early generation and have short lives, there is still time to consider the issue seriously. But as IoT devices assume more and more responsibility, performing more and more critical functions when it comes to running our houses, production plants, hospitals, and health monitoring devices, among other things, we will soon reach a point of no return where the issue won’t be manageable. For that reason, it is imperative that device makers and members of the IoT community solve this problem quickly. Otherwise, we may miss out on many game-changing technologies as consumers look for more secure alternatives. The October DDoS Attack: How Much Security Do We Have? According to a summary of the October attack, 100,000 Mirai-infected IoT devices were involved in the DDoS assault on Dyn’s servers. Attack rates as high as 1.2 Tbps were reported—which is quite significant, as most sites are unable to handle rates higher than 10 Gbps (large companies would have a hard time handling 100 Gbps). Some security researchers believe the hackers—having access to as many as 500,000 compromised devices—were actually taking it easy on Dyn. While the Dyn attack is not the first hack through the IoT nor the first DDoS attack—the same method was used to knock France-based hosting provider OVH offline in September—it’s visibility was much larger because it disrupted a key DNS service that provides IP address
  • 5. lookup functionality for major websites. Amazon Web Services (AWS), for example, hosts many key services, including Netflix. What’s more, the assault on Dyn’s servers gained exposure because of its simplicity. The intruders used the publicly available malware Mirai, after all. At the time of the attack, analysts estimated that 1.2 million IoT devices were infected with the Mirai botnet, though only about 166,000 of those devices were active. This is an interesting kernel of information to say the least. It suggests that most of the devices in the IoT ecosystem today are gadgets that have short lifespans. After consumers get the most out of them, they either break or a newer version comes out. Then it’s on to the next. Of course, this will change in the future as more and more devices assume critical roles and people can’t live without them, both figuratively and literally. While most of the security issues inherent in IoT devices are unknown by the general public, the IT world is aware of the weaknesses many of the gadgets have. Some of the security issues found in the IoT ecosystem are as follows: ● For the most part, IoT devices aren’t under 24/7 monitoring. In addition to someone being able to physically change an unattended device, there’s also the risk of malware being installed on one—which could steal data and change programming. Believe it or not, HP says 70% of IoT gadgets are susceptible to hacking and there is an average of 25 vulnerabilities on each device. ● In an effort to get their products to market as quickly as possible, a number of IoT device manufacturers don’t even add encryption to their products. For example, one connected car startup was found to not have encrypted communications sent from the car to the server. If a bad actor were to intercept that data, there could be serious consequences up to and including commandeering the vehicle. ● A new startup might put out a great IoT gadget. Over time, the startup can either go bankrupt or be acquired by another company. Should that happen, there might not be anyone around who’s thinking about the security of each device the startup used to make. This could lead to severe vulnerabilities in devices that a handful of users depend upon. Despite the awareness of the IT community, at this point no one has come up with a path or a solution that would be easily acceptable and deployed by all organizations in the IoT world, e.g., an ISO standard or a certification. As it stands now, IoT devices have to comply with hardware and network security standards—you can’t sell something that might catch on fire by overheating or something that would interfere with a pacemaker’s signal, for example. But when it comes to security and privacy, it’s the Wild West.
  • 6. The key issue is that infected IoT devices on their own might not cause any direct harm. But when they work in a network environment, their behavior can be quite disastrous. For example, imagine your connected thermostat increasing the temperature as high as it can go while locking your doors and windows. Or maybe your connected refrigerator gets compromised and an intruder raises the temperature to the point all your food spoils. Worse yet, imagine your smart door lock is hacked, enabling culprits to physically enter your home while you’re at work. The possibilities are truly endless, especially as more and more devices enter the market. On the upside, there have been some initiatives proposed by groups focusing on fixing the problem before it spirals out of control. For example, the Broadband Technical Advisory Group (BITAG) suggests that manufacturers ship devices with up-to-date software while also following best practices for encryption. The group also wants to ensure there’s an easy way for users to notify manufacturers of any bugs or vulnerabilities they may notice while using the product. That way, problems could be addressed right away. BITAG has some more recommendations, too. But unfortunately, it’s not a regulatory body, so the group has no real power. Will industry players acquiesce? As mentioned previously in this ebook, not only do device manufacturers and IT technicians need to protect the IoT devices and technologies that are already out there, they have to figure out how to secure the information and data that’s being transmitted. Once the data and the devices are out in the world, they are no longer protected. For these reasons, we need to act now before too many devices are out there with no protection at all—which could kill the IoT prematurely. A Few Possible Solutions Who knows what the cybersecurity community will ultimately agree needs to be done in order to ensure the confidentiality, integrity, and availability of data and devices in the IoT ecosystem. But one thing is certain: We must act, quickly, if we wish to see the full potential of IoT technology. From hardcoded passwords that can’t be changed to security credentials that have never been changed to reused security keys across multiple devices, it appears as though IoT device manufacturers are violating every basic security practice. And the worst part about it is that unlike smartphones, tablets, and laptops, once IoT devices are out in the world, they cannot be updated (for the time being, anyway). Before we can solve the problem, we first need to recognize the scale of the issue and understand that we need to act differently at different levels of the ecosystem: ● At the user level, it’s all about education. Users need to be aware of the multitude of IoT devices they have as well as the status of each device and any potential issues. As such, all IoT devices should have a unique identifier with a central repository where their
  • 7. status can be checked. Users should also be encouraged to register their devices in order to receive security bulletins and, potentially, patches down the line. ● At the hardware level, a kill switch should be available that can quickly disable a device. This way, users can be sure that in the event they suspect their devices may be compromised, they can shut them off immediately. Furthermore, devices that have no activity over long periods of time should be disconnected from the network. ● At the network level, it might be time for a new type of technology altogether. IoT devices are highly distributed data nodes that constantly exchange information in hubs or mesh networks, connected to the cloud or not. All of these different combinations make it difficult to understand who or which entity to trust in terms of data security and access to the device. The good news is that one technology has been invented for the use case where there is no central authority that can be trusted: blockchain, the highly decentralized and distributed ledger. Blockchain technology already powers cryptocurrencies like Bitcoin and Ethereum. As more and more IoT devices become part of the ecosystem, blockchain technology can enable specific gadgets to connect to one another securely, with authentication, without the need for a central authority to monitor and facilitate the connections. Already, there have been some initial efforts to adapt blockchain technology to IoT devices. Companies like Filament and IOTA have made inroads into the space. These companies are still in the early stages, but they are pursuing what is likely one of the only paths to ensure proper security throughout the IoT ecosystem. Steps to More Security in the IoT Market As we’ve seen, there are a few paths that lead to securing the IoT. But the question still remains: How can we put blockchain technology in place in a coherent, simple, and organized way? Should we take a platform-centric approach, giving control of overall end-to-end security to the platforms themselves? There are already some manufacturers moving in this direction, like: ● BlackBerry. The company that once was a major player in the phone market is transitioning to an enterprise software company. It recently introduced BlackBerry Secure, an “Enterprise of Things” management platform, which controls things like calendars, emails, contacts, apps, and secure file-sharing tools, among other things. ● Amazon. For a company that sells seemingly everything, it was only a matter of time before Amazon got involved in the computing space. After establishing Amazon Web Services (AWS) as a dominant cloud computing force, Amazon’s kept expanding its
  • 8. computing offerings. Now, the company has an IoT platform that enables users to connect to AWS and their gadgets, ensuring secure data transfers and granting the ability to manage devices—even when they’re offline. ● Azure. Unsurprisingly, Microsoft has built its own IoT suite as well. The Azure IoT solution professes to enable businesses to capture and analyze data that would otherwise go unnoticed—thereby enabling them to become markedly more efficient. The platform also allows companies to get the peace of mind that comes with knowing their devices can be monitored and updated. While these developments are certainly reassuring for developers and manufacturers, there’s no way for the average end user to understand it—or even be aware of it. What’s more, the platform-centric approach also implies a web of complex partnerships. Imagine you’re trying to use Amazon’s Alexa to switch your Philips Hue lights on and off. In such a scenario, how can you be sure of which platform you’re using for the activated voice service and which one you’re using for the IoT component? What happens when you buy a gadget from Amazon’s universe and want to use it on an Azure-powered network? Should IoT security be embedded in the device and independent of the platform? Should platforms agree on a standard—and device manufacturers forced to build within it? Should the platform-centric approach be the one we take? Can blockchain technology protect the IoT—and allow it to flourish? There are a lot of questions left to ask. And their answers will invariably lead to even more questions. But because of the promises the IoT delivers, it is imperative that we figure out a way to provide a fully secure and transparent IoT ecosystem. The possibilities—from personal, professional, consumer, and business perspectives—are endless.