Month: May 2021
Guarding Against IoT Vulnerabilities
“IoT” stands for “Internet of Things”. IoT devices are coldly super efficient and marvelously sturdy, and can replace human frailty and sheer boredom in many cases, but they are not without Vulnerabilities themselves. These Vulnerabilities can affect, with disastrous effect, the wellbeing of both the IoT System and the Human Beings being served. This article studies some of the Vulnerabilities of IoT Devices and how to guard against them.
Many Vulnerabilities, Much Guarding
Following is a short study of Vulnerabilities of IoT Devices And How To Guard Against Them, enumerating not only the problems but also some suggested solutions.
First, we list some of the Common Vulnerabilities of IoT Devices, as follows:
- Passwords: Passwords which are casually formed without much planning or thought are liable to be easily cracked in expert hands, and command of the IoT device can then be taken over by malicious forces. This is a common Vulnerability.
- Insecure Ecosystem Interfaces: Insecure web, back-end API and mobile interfaces in the ecosystem external to the IoT device itself, or in components connected with it, can be a source of Vulnerability. Lack of authentication or authorization, weak or missing encryption, and a lack of input/output filtering can cause this Vulnerability.
- Insecure Network Services: Insecure network services running on the Device itself can endanger not just the IoT device concerned, but all connected IoT devices and systems. In particular, network services exposed to the Internet, with their integrity, authenticity and confidentiality compromised, can allow unauthorized remote control of IoT devices or corruption of the total system.
- Use of Insecure or Outdated Components: Insecure customization of OS Platforms, and use of third party software or hardware components are often to blame. Software programs and libraries that are without security cover or are outdated should never be used in IoT Systems, especially without adequate cover.
- Insecure Data Transfer and Storage: Whether at rest, in transit or during processing, sensitive data without proper encryption anywhere within the ecosystem can cause severe Vulnerability.
- Insecure Default Settings: When IoT devices or systems are shipped without adequate provision for trained operators to change default settings to more secure ones, security compromises can result.
- Insufficient Privacy Protection: Personal Information that is stored without sufficient Privacy Protection in the IoT device itself or in the ecosystem may be used without authorization to compromise the device and the system disastrously.
- Lack of Device Management: IoT devices used in production, asset management and so on may lack overall device security management, which can cause unplanned breakdown.
- Lack of Physical Hardening: IoT device systems need to be physically hardened to prevent future attacks by external agents to gain sensitive information which can be used later to cause damage.
Next, some methods to Guard against these Vulnerabilities follow:
- Passwords: Publicly available, brute-forced, weak, guessable or unchangeable and hard-coded passwords must be avoided completely, to prevent unauthorized access to the control centre of the IoT. Passwords need to be planned and analyzed carefully and frequently changed to ensure that this key to the control of an IoT is completely unavailable to the criminal layers of our society.
- Homework: IoT System information needs to be carefully and continuously analyzed. This must include everything that goes on in the network, associated backend, and supporting cloud services. This Homework is essential to ward off any attack attempts.
- Separate networks: IoT Devices need to be protected separately from interaction with associated networks. This can only be done by having a separate network protected by a firewall, monitored continuously by overall surveillance. Core networks and resources must be individually secured against hostile takeovers.
- Useless Features: IoT Systems must not retain useless features, which only add potential Vulnerability. For example, when using a smart TV for display only, the microphones at least can always be disconnected.
- Physical Compromise: IoT devices with a factory reset switch, open port or default password need these to be replaced immediately, or they invite instant trouble.
- Gizmos: Gizmos that are used to connect automatically to open WiFi should never be used, as they cause further damage instead. The Final Control should always rest in human hands.
- Encryption: Encryption of transmitted data ensures the security of both commands and feedback, and prevents malfunction of IoT, whether accidental or deliberate.
- Updates: Not just IoT, any computer system needs to be regularly updated. Whether this means running patches, or painstakingly checking out the System manually, Updating is an essential part of the maintenance and control of the System. Equipment or software that cannot receive updates should never be used.
- Unsecured Products: IoT devices or software that are no longer supported by their manufacturers can only be used at risk to the Users. Any such products must be phased out rapidly, and replaced by components that are covered by their Manufacturers.
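As an added example (not part of the original article), the guard list above can be turned into a repeatable audit over a device inventory. The inventory fields, the core-network range, the default-password list and the plaintext-protocol list are all assumptions made for this sketch.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Assumed values for this sketch, not taken from the article.
CORE_NETWORK = ip_network("10.0.0.0/24")  # core business network
DEFAULT_PASSWORDS = {"", "admin", "password", "12345", "root"}
PLAINTEXT_PROTOCOLS = {"telnet", "http", "ftp", "mqtt"}

def audit_device(dev, today):
    """Return the guard items from the list above that this device fails."""
    findings = []
    if dev["password"].lower() in DEFAULT_PASSWORDS or dev["password_hardcoded"]:
        findings.append("Passwords: default, guessable or hard-coded credential")
    if ip_address(dev["ip"]) in CORE_NETWORK:
        findings.append("Separate networks: device sits on the core network")
    unused = sorted(set(dev["enabled_features"]) - set(dev["required_features"]))
    if unused:
        findings.append("Useless features: disable " + ", ".join(unused))
    plaintext = sorted(set(dev["protocols"]) & PLAINTEXT_PROTOCOLS)
    if plaintext:
        findings.append("Encryption: plaintext protocol " + ", ".join(plaintext))
    if not dev["can_update"]:
        findings.append("Updates: device cannot receive updates")
    if dev["support_ends"] < today:
        findings.append("Unsecured products: vendor support has ended")
    return findings

# Constructed inventory for illustration only.
INVENTORY = [
    {"name": "lobby-tv", "ip": "10.0.0.57", "password": "admin",
     "password_hardcoded": False, "enabled_features": ["display", "microphone"],
     "required_features": ["display"], "protocols": ["http"],
     "can_update": True, "support_ends": date(2026, 1, 1)},
    {"name": "door-sensor", "ip": "10.20.0.12", "password": "t7#Lq9!vXz2m",
     "password_hardcoded": False, "enabled_features": ["contact"],
     "required_features": ["contact"], "protocols": ["mqtts"],
     "can_update": True, "support_ends": date(2027, 6, 30)},
    {"name": "old-camera", "ip": "10.20.0.40", "password": "Cam-9f3k!Rw",
     "password_hardcoded": True, "enabled_features": ["video"],
     "required_features": ["video"], "protocols": ["telnet", "https"],
     "can_update": False, "support_ends": date(2019, 12, 31)},
]

def audit_inventory(inventory, today):
    """Map each device name to its list of failed guard items."""
    return {d["name"]: audit_device(d, today) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2021, 5, 1)).items():
        print(name, "OK" if not findings else findings)
```

Run on a schedule against the real inventory, an empty findings list per device is the target state; any new finding points to the guard item that needs attention.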