IoT boom: what are the security issues?
While IoT has grown exponentially in recent years, there is also an alarming increase in attacks targeting them. The reason is that most connected objects have little or no security to protect against these attacks.
With more than 7 billion IoT devices in circulation, IoTs have become a prime target for cybercriminals. So much so that the success rate of malware attacks is starting to raise questions. To date, the most publicized attack is that of the Mirai malware late 2016, which managed to turn thousands of Linux based IoT devices into an army of botnets that were then used to launch a series of DDOS attacks. (Distributed Denial of Service, Distributed Denial of Service).
More recently, cybersecurity experts have discovered an increasing amount of malware used to undermine cryptocurrency, showing that cybercriminals are exploring different ways to exploit IoT devices for a profit. Security often neglected with the explosion of the popularity of IoT, manufacturers and sellers accelerated the commercialization of new products and flooded the market. Unfortunately, for many of them, device safety was at the bottom of the agenda and was often treated as a minor detail. As a result, the vast majority of IoT devices currently in use default login credentials and passwords, have unsafe configurations and protocols and are notoriously difficult to upgrade. In summary, they are far too easy to hack.
Added to this is the emergence of low-level protocol hackers such as KRACK, which creates new ways to compromise the IoT infrastructure and inject or manipulate data. The consequences are severe for devices that synchronize or receive control messages from a cloud application. Towards a new form of malware, the simplicity of most IoT devices has forced cybercriminals to rethink their approach. In reality, because of their nature, very few IoT devices store large amounts of sensitive data. This makes traditional ransomware attacks obsolete.
Therefore, attention has turned to how malware can be used to enslave IoT devices (as was the case with Mirai), block access to users, or prevent devices to fulfill their initial mission. This goal may seem harmless enough, but if you think of the IoT devices that are now used as pacemakers or to control doses of inpatient medication, the consequences can be dramatic. Necessary Awareness Faced with this growing threat, manufacturers, and vendors need to wake up and begin to implement more robust security measures on all IoT devices, focusing on three key areas: Adoption of security standards Modern software: Any new device entering the market must adhere strictly to current security practices, such as built-in password
protection that forces users to change the default password after purchase. New devices must also include after-sales software support and the ability to patch or upgrade remotely as needed, ensuring the durability of security against new forms of malware. Building Robust and Tamper-proof Hardware: Physical security is also the key concern for new devices.
Simple things, such as adding switches that allow users to disable unused functions (for example a button to turn off the microphone and prevent unauthorized listening). The inclusion of tamper evidence in hardware design is also a guarantee to prevent anyone with direct access to the device from compromising it or to decode its information without authorization. Use of secure network protocols:
Secure protocols such as HTTPS must be in place for any data exchange between IoT devices and backend management or storage solutions. It is also necessary to use robust authentication methods to prevent fraudulent access. For too many years, IoT vendors and device manufacturers have ignored security conventions in their eagerness to commercialize new products.
The proliferation of malware seeking to exploit these vulnerabilities is a direct result of these decisions. Unfortunately, it is the customers who suffer. Although it is impossible to go back to improve the security of the millions of IoT devices already in circulation, better implementation of security practices on new devices will contribute significantly to reducing the scale of the problem. As older, less secure devices reach the end of their life cycle, we should see the IoT’s security improve overall.