The Risks of Different Sectors with Embracing Internet-of-Things Devices
Internet-of-Things devices are set to follow the success of the smartphones and tablets when it comes to successful penetration of both individual and corporate lives. However, the fast adoption of IoT everywhere comes with a huge cost, if the users are not very careful – IoT being the platform for cyber attacks and DDoS origins. This fact has been reinforced by a report released by Omnitracs, a cybersecurity firm. They highlight the sad truth that IoT’s accessibility and wide availability are its greatest disadvantage when it comes to its security standpoint.
Any IoT devices can be taken-over by unauthorized 3rd parties since the system’s requirements of simplicity; a reliable threat detection system cannot be engineered with it. “A hacker could install malware to the truck’s operation system, potentially locking all driver functions and endangering lives,” said Sharon Reynold’s Omnitracs’ CISO.
In the consumer sector, individually maintained IoT devices at home and installed in SOHO’s are setup-and-forget scenarios. This means they lack the update mechanism without the need for consumers to actually tinker the complicated settings is not yet the standard. “The rapid adoption of connected devices has sent manufacturers rushing to slap connectivity on to many household devices with security as an afterthought. Considering the statistic that 60 percent of the IoT installed are consumer-related devices, the products in our homes translate into a virtual candy store of opportunities for hackers,” explained Moshe Elias, Allot Communication’s Product Director.
Governments and utility providers need to be very careful when it comes to rolling-out IoT in their respective offices. There is still no standard when it comes to IoT devices, and there are no known common systems with securing them. Critical utilities might be severely affected if the IoT used gets taken-over by unknown 3rd parties. “(IoT) interact with the physical world in ways conventional IT devices usually do not. the potential impact of some IoT devices making changes to physical systems and thus affecting the physical world needs to be explicitly recognized and addressed from cybersecurity and privacy perspectives. Also, operational requirements for performance, reliability, resilience, and safety may be at odds with common cybersecurity and privacy practices for conventional IT devices,” NIST emphasized.
At the moment, the only way to somehow secure IoT devices is to install them behind a router. This will somewhat help lessen the attack surface that IoT exposes in the public internet, through the demands of NAT traversal before a 3rd party from the public Internet can penetrate an IoT device.
VPNFilter, a very well known virus that takes over a vulnerable router can, in fact, change the entire scenario. Instead of securing the internal network, a router infected with VPNFilter exposes the internal network to attacks from the public internet instead. In such a scenario the router’s role of being a firewall is totally reversed.
“While regulators and industry associations are making steps in this direction, such as the creation of the CTIA Cybersecurity Certification Program for Cellular-Connected IoT Devices, broader adoption and enforcement will still take time. In the meantime, we still have 10 billion devices out there to deal with,” Elias concluded.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.