What is IoT and how can we secure it?
By Yash Kudal
IoT security is a technology area that interacts with protecting connected devices and networks in the Internet of Things (IoT).
IoT involves adding the Internet connection to the system of compatible computer devices, mechanical and digital devices. Each thing is provided with a unique identifier and the ability to automatically transfer data to the network. Allowing devices to connect to the internet exposes them to great risk if they are not properly protected.
IoT security has become a matter of scrutiny after many high-profile incidents where a standard IoT tool was used to penetrate and attack a large network. Implementing security mechanisms is crucial to ensuring the security of the networks through the IoT devices connected to them.
IoT Security Challenges
Many challenges prevent the adoption of IoT devices and ensure end-to-end security in the IoT environment. Because the perception of network objects and other objects is new, security has never been considered a priority during the manufacturing phase. In addition, because IoT is an emerging market, many product designers and manufacturers are more keen to get their products to market faster, rather than taking the necessary steps to build security from scratch.
The biggest issue identified by the security of IoT is the use of hardcoded passwords, which can lead to security breaches. Although passwords are changed, they are usually not strong enough to prevent logging in.
Another common problem facing IoT devices is that they are often resource-intensive and do not contain the resources necessary to implement strong security. As such, many devices do not offer or are unable to provide enhanced security features. Also, since many IoT devices “put it on and forget it” placed in the field or machine and left until the end of life they never get security updates or enhancements.
IoT security is also afflict by a lack of industry-wide standards. While many IoT security frameworks exist, no single framework is agreed upon. Large companies and industrial organizations can have their own standards, and some sectors, such as industrial IoT, have standards that are concerning, which are inconsistent with industry leaders. The variety of these standards makes it difficult not only for secure systems, but also to ensure interoperability between them.
Organizations should learn to view security as a shared challenge, from the manufacturer to the service provider to the end user. Manufacturers and service providers should prioritize the safety and privacy of their products, while also providing privacy and authorization. But this does not end here end users must take their precautionary measures, including changing passwords, applying patches when they are accessible and using security software.
IoT Security Breaches
• In January 2017, two well-known security researchers identified a significant risk to Medtronic CareLink 2090, which is a preventive measure used by physicians to control pacemaker settings. Also, incorrect authentication and encryption left the device software vulnerable to malware infection. When investigators shared updates about the case at the Red Hat conference in August last year, many were shocked to find that another threat had stopped. This was done without notifying Medtronic of security breaches in the last 570 days and confirming the administrative dates of 155 days, starting August 9.
• In 2018 a portland couple asserted that their Amazon Echo speaker record the conversation and pass it on to someone on their social network who works for the couple in Seattle. The first report is suspect, although Amazon confirmed to CNET that the incident happened as described.
The Echo Dot model installed on the original port is able to output audio to the external speaker with a 3.5mm audio cord. If the speaker is attached to the Echo Dot, but is turned off, the Echo Dot unit microphone will still work, but it would not be possible for the owners to hear the sound aid in the speaker. The original report failed to mention that, similarly, the report failed to identify an app such as the Amazon Echo.
Besides, Amazon has Alexa problems. New York Times columnist Farhad Manjoo wrote in February of an incident when his Echo Dot shouted “like a baby crying in a scary text.” Amazon also changed Alexa’s performance in March after reports that Alexa-based devices were funny, seemingly useless.
• In January 2019, the Apple ‘Facepalm’ bug came to the headlines. It happened in Arizona, where a 14-year-old boy added a friend to a group chat. Despite the fact that the friend did not choose the phone, the boy was able to listen to the conversations taking place on a friend’s iPhone. Despite the boy’s numerous attempts to report the case to Apple, an action from Apple was taken only a week after the incident occurred. Because of this, Apple has decided to take serious security measures and has released a software update to resolve the bug later.
How to Secure IoT Devices?
IoT security strategies vary depending on your specific IoT application and your location in the IoT ecosystem.
For example, IoT developers from product developers to semiconductor companies should focus on building security from scratch, developing tamper-proof technology, building secure hardware, ensuring secure development, providing firmware / market updates and testing strong.
The developer’s focus on solutions should be on safe software development and secure integration. For those using IoT systems, hardware security and authentication are critical steps.
Similarly, for operators, keeping systems up-to-date, mitigating malware, auditing, protecting infrastructure and ensuring authentication are important.