One of the main issues often associated with the predicted increase in connected devices is the growing number of attack vectors these devices potential have. While increased functionality, mobility, and reliability is welcomed by most, it does create more potentially exploitable components in a network. In an age where cyber attacks are becoming more and more sophisticated and using much more advanced technologies, adequate protection is paramount. In this article, we’ll take a look at some of the commercial IoT systems most at risk from malicious cyber attacks as well as detailing a few methods and techniques that could help protect potentially vulnerable devices from such threats.
Devices At Risk
Often, certain devices have particular security requirements depending on how they are to be used. Because of this, devices that perform some functions and tasks are more susceptible to certain threats than others. Medical devices, in-car wifi systems, and security and surveillance devices are some of those systems likely to be targeted by attackers for a mixture of different reasons and so each system will need to be provided with more protection in certain parts of its infrastructure, such as particularly vulnerable devices like routers and cameras. Let’s now take a look at how certain devices are targeted and how they may be protected.
Medical devices such as pacemakers, insulin pumps, defibrillators, and even the computers and networks used by those in the healthcare profession are all vulnerable to cyber attacks and can lead to potentially lethal consequences. Wireless enabled devices such as pacemakers and insulin pumps are attached to the body as well as connected via bluetooth to monitoring instruments such as glucose monitor. They can also attached to smart phones these days. These connections make the devices vulnerable as hackers can potentially exploit their weak communications protocols. As we’ll continue to see, certain functionalities create attacks surfaces that may not have always been anticipated by the products manufacturer.
With 5G wireless communications networks looming on the horizon, Internet of Things devices and their associated technologies are becoming increasingly common. One of the fastest growing markets in this sector is in-car wifi, however, there has been numerous questions raised over the security of these in-car devices. In-car wifi systems and mobile hotspots face the same threats as traditional wifi units. Data and information stored on personal devices accessing a car’s wifi network will need to be protected alongside the mobile hotspot itself to ensure that their security will not be compromised.
Security and Surveillance Devices
IP security cameras, mobile surveillance cameras, and inventory monitoring and control systems are all vulnerable to attacks due to the role they play in the security, monitoring, analysis, and surveillance of important locations, items, personnel, or systems. Attackers could decide to target these systems in stand alone attacks or as part of an ongoing campaign against certain targets and try to disable any systems that may identify or provide information on them. Investigations have shown that certain digital video recorders (DVRs) have been exploited by malware preloaded onto their management software from a single vendor. It was estimated that more than 500,000 DVRs, NVRs, and IP cameras were all vulnerable to attack codes when a vulnerable component was traced back to a single vendor.
Protecting Connected Devices
We’ve now seen some of the most vulnerable devices and the ways in which malicious cyber attackers can gain access to their network-connected systems. So what can be done to protect against this threats? As we’ll begin to see, there are ways in which businesses, organizations, and individuals can fight back and protect their devices from these cyber threats. Encrypting data, keeping up to date with security updates and patches and implementing authentication and password policies in order to inform staff about the potential risks they face as well as promote good online habits.
Using encryption on data that is both in-transit and being stored on your devices and network can help improve security and ensure data integrity. Using encryption tools helps to make protect your devices but can be limited depending on the scale at which you’re looking to encrypt. Cryptographic algorithms can often be difficult to implement on smaller networks and individual devices due to the lack of internal power available to such systems. Most suppliers will also offer advice on which services and products work best with their hardware and can be helpful in pointing curious minds in the right direction.
Security updates and patches are designed to keep products, devices, and operating and management systems up to date and protected against the latest vulnerabilities and exploits that have been reported and fixed. However, often, these updates can be ignored or silenced and in some cases will lead to systems becoming extremely out of date and increasingly vulnerable to new or as yet unknown threats. The increasing number of attack surfaces that comes with increased device functionality and applications means that keeping up to date with security updates and patches is becoming more and more important for long-term device security.
In the year 2017, it still may blow your mind to know that there are still some systems and profiles with standard “admin” or “password” user authentication passwords. Despite being some of the oldest advice going for protecting against online cyber threats, having a strong password policy is still a commonly missed procedure for many businesses, organizations, and individuals. By ensuring that certain password criteria are met when using business or industrial networks or devices, better levels of protection and the promotion of good online habits can be enhanced and achieved. As one of the easiest ways in which to protect devices from cyber threats, it seems almost counterproductive not to create a strong password policy.
With increases in the number of connected devices in use, the applications of IoT technologies, and the sophistication of cyber threats, the future of IoT device security is unclear. How developers of IoT devices respond to the threats their products face will determine the kinds of solutions that become available to them. The Internet of Things looks set to continue expanding and evolving alongside cyber threats and so protection-by-design may become the main feature of many of IoT and cyber security technologies of the future.