Industry post for Firebrand Training (BPP)
There’s been massive growth in the Internet of Things (IoT) since the pandemic struck, with an estimated 64% of companies using IoT devices in 2021. However, as the number of devices grows, the digital “attack surface” expands with it.
IoT devices, while innovative and productivity-boosting, tend to fall short on built-in security due to a lack of computing power. This makes them especially vulnerable to cyber-attacks. In a bid to combat this ongoing threat, the UK Government is bringing in a new bill to force IoT vendors to install satisfactory security controls.
For many, this measure can’t come soon enough. In the meantime, let’s examine what we mean by the Internet of Vulnerable Things and the key issues behind its vulnerability.
What is the Internet of Vulnerable Things?
The Internet of Things (IoT) includes the emerging network of devices, appliances, and vehicles that collect and transmit data via the internet. This technology has the potential to solve problems, improve current technologies, boost productivity, and give users a seamless personalised experience.
The problem is that many IoT devices have tended to focus more on innovative design than on privacy or security. Not only are many inherently insecure, but they can be difficult to update if vulnerabilities are detected.
The IoT’s top 10 vulnerabilities
The Open Web Application Security Project (OWASP) recently published a list of the top IoT vulnerabilities. Here’s a quick summary of the problem characteristics of many IoT devices.
1. Weak or guessable passwords
Many IoT devices use weak and hardcoded passwords, which provide hackers with an easy way to compromise IoT devices and launch botnets and malware attacks.
2. Insecure network services
An IoT device’s insecure network services, which are often open to the internet, can expose the sensitive information that passes between device and server. Man-in-the-Middle (MITM) attacks exploit these vulnerabilities and can steal the credentials that authenticate endpoints. Once captured, this information can be used to launch wider attacks.
3. Insecure interfaces
Insecure web, API, cloud, or mobile interfaces in the device’s outer ecosystem can compromise them. Common problems stem from a lack of authentication and authorisation protocols, and weak or no encryption.
4. Insecure update mechanisms
A lack of firmware validation on a device, and unencrypted service delivery — as well as a lack of security update notifications — are major risk factors for IoT devices. Certain industries, including the healthcare and finance sectors, are especially vulnerable.
5. Outdated or insecure components
Use of insecure software components or libraries could allow devices to be compromised. These vulnerabilities could stem from legacy software systems that were built using open-source components.
6. Lack of privacy protection
Many IoT devices collect sensitive data that needs to be stored and processed in compliance with various regulations (e.g., GDPR). Lack of appropriate controls puts user privacy at risk and can have legal repercussions for your company.
7. Insecure transfer and storage of data
A lack of encryption of sensitive data anywhere in the ecosystem opens up vulnerabilities. Protection of data in the IoT is crucial to the reliability and integrity of IoT applications; without it, there can be serious consequences.
8. Poor device management
A big challenge for security in the IoT is managing all devices throughout their lifecycle. If unauthorised devices enter the ecosystem, they can access and surveil networks and intercept information.
9. Insecure default settings
Devices with insecure default settings can be compromised and allow cyber criminals to access hardcoded default passwords and hidden backdoors in the device’s firmware. These settings are often difficult for users to change.
10. Insufficient physical hardening
IoT devices often lack hardening capabilities, allowing attackers to steal sensitive information to help them carry out future attacks or enable them to take control of a device. IoT devices are often deployed remotely, and attackers can get to them physically to prevent, for example, motion sensors from working.
How to keep IoT devices safe
Having a firm grasp of how IoT device settings work is essential in order to implement the correct controls protecting them against vulnerabilities.
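As an added illustration (not part of the original post and not OWASP tooling), the following example audits a device configuration against items 1, 2, 4, 7 and 9 from the list above. The configuration keys, the sample values and the 12-character password threshold are assumptions constructed for this example, not a real vendor format.

```python
from urllib.parse import urlparse

# Constructed sample: a hypothetical device configuration export.
SAMPLE_CONFIG = {
    "admin_user": "admin",
    "admin_password": "admin",
    "password_change_required": False,
    "services": {"telnet": 23, "http": 80, "ssh": 22},
    "update_url": "http://updates.example.invalid/fw.bin",
    "verify_firmware_signature": False,
    "telemetry_url": "https://telemetry.example.invalid/v1",
}

# Small illustrative set of factory-default passwords (assumption, not exhaustive).
COMMON_DEFAULTS = {"admin", "password", "1234", "12345", "root", "default", ""}
# Plaintext protocols that expose credentials and data on the wire.
CLEARTEXT_SERVICES = {"telnet", "ftp", "http", "tftp"}
MIN_PASSWORD_LENGTH = 12  # assumed policy threshold for this example


def audit(config):
    """Return a sorted list of (top-10 item number, finding) tuples."""
    findings = []
    pw = config.get("admin_password", "")
    if (pw.lower() in COMMON_DEFAULTS or pw == config.get("admin_user")
            or len(pw) < MIN_PASSWORD_LENGTH):
        findings.append((1, "weak or guessable admin password"))
    for name in sorted(set(config.get("services", {})) & CLEARTEXT_SERVICES):
        findings.append((2, f"cleartext service enabled: {name}"))
    if urlparse(config.get("update_url", "")).scheme != "https":
        findings.append((4, "firmware updates not delivered over TLS"))
    if not config.get("verify_firmware_signature", False):
        findings.append((4, "firmware signature is not validated"))
    if urlparse(config.get("telemetry_url", "")).scheme != "https":
        findings.append((7, "telemetry sent without transport encryption"))
    if not config.get("password_change_required", False):
        findings.append((9, "default credentials can be kept after setup"))
    return sorted(findings)


if __name__ == "__main__":
    for item, text in audit(SAMPLE_CONFIG):
        print(f"[OWASP IoT #{item}] {text}")
```

An empty result from `audit` only means none of these specific checks fired; the remaining items on the list (interfaces, components, privacy, device management, physical hardening) need review outside a configuration file.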