With over 23 billion devices and 2.5 exabytes of data produced daily, the Internet of Things presents a lucrative opportunity not only for organizations looking to increase operational efficiency but also for cybercriminals. Many studies show that almost half of US companies incorporate IoT solutions into IT infrastructures and have had at least one security breach.
The cost of an IoT-related cyberattack now amounts to 13.4% of the total revenue for a business with an annual income of $5 million, and dozens of millions for larger enterprises! So what makes IoT solutions vulnerable to hacker attacks? What measures should you take to protect connected devices and the IoT software ecosystem against cybercrime?
Introduction To The IoT Security
IoT security is a technology area that deals with preventing unauthorized access to connected devices and networks.
Low-level software (i.e., the firmware and embedded systems running on connected gadgets), which enables device-to-device communication and continuous sensor data exchange, is the Internet of Things’ most vulnerable point. Based on outdated or unsupported Linux kernels, embedded software often contains well-documented security vulnerabilities which can be exploited over a wireless network; poor hardware design choices restricting patches only exacerbate the problem. Even automatic firmware updates do not guarantee absolute protection against cyberattacks, as certain malicious programs, especially those incorporating AI algorithms, are resistant to device reboots. Chip-level vulnerabilities, for example the BLEEDINGBIT bugs detected in BLE chips manufactured by Texas Instruments (TI), may also enable hackers to gain control over IoT networks and trigger remote code execution attacks.
You should also note that not all connected devices are subject to hacker attacks: the exceptions are sensors, relays, and other small gadgets which do not have an IP address and use encrypted communication protocols.
Cybersecurity professionals had urged device manufacturers and early IoT adopters to remediate the Internet of Things security vulnerabilities long before the Mirai botnet almost brought the internet down, but the infamous DDoS attack was an eye-opener and major proof that IoT security challenges are real.
Besides digital burglary and surveillance, IoT devices can be hacked and harnessed into giant botnets that threaten even properly secured enterprise-grade networks! The consequences of large-scale IoT cyberattacks may vary from power grid failures to putting patient safety and lives at risk.
Determining The Root Causes Of IoT Security Issues
Lack Of IoT Security Standards
Connected devices and IoT applications are seldom created with security in mind, as businesses that embark on Internet of Things projects don’t normally possess the practical experience and extensive R&D facilities to future-proof their products.
Additionally, hardware manufacturers and software developers often advocate the use of certain technologies (that is, blockchain, tokens, or platform-based solutions) to secure connected devices, thus creating single-vendor IoT environments and undermining the Internet of Things interoperability.
Diverse Security Requirements
Electronics, which will soon constitute just 0.2% of all the gadgets connected to the Internet, typically possess limited computing power and may not have built-in firmware update capabilities. Some IoT security solutions do not have screens and are managed via voice commands. IoT security requirements also vary across industries: an intelligent thermostat that does not have access to sensitive data and an IoT-based platform for monitoring hand hygiene behavior in healthcare have different security properties.
Legacy IT Infrastructure
When it comes to the business technology domain, we mostly deal with outdated software systems.
Such systems are capable of neither processing sensor data in real time nor ensuring visibility of a corporate IT infrastructure: according to Gemalto’s recent report, 48% of businesses cannot tell whether any of their IoT devices has suffered a breach.
Flawed IoT Software Ecosystems
Web, mobile, and embedded applications that collect, process, and visualize sensor data should be built with trusted APIs and open-source software libraries and ensure data encryption and access control. According to Verizon, in 2018, 29.5% of all data breaches were caused by web application attacks; botnets initiated 77% of those.
Publicly Available & Hardcoded Passwords
US and UK regulations regarding hardcoded passwords (that is, non-encrypted text embedded into source code, which simplifies device configuration but may compromise connected gadgets’ security) remain a suggestion rather than enforcement, and few hardware manufacturers view security as an important part of IoT app development. Weak passwords were the key factor behind the Mirai botnet attack: the hackers simply scanned large blocks of the Internet for open Telnet ports and used 61 common login/password combinations to take control of 2.5 million electronic devices with built-in connectivity.
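As an added illustration (not code from the original article), here is a minimal pre-release check that flags credential-like string literals in firmware source or configuration and reports them without echoing the secret. The regex, the identifier naming convention, the short deny-list of common defaults and the sample source are all assumptions constructed for this example.

```python
import re

# Constructed, illustrative deny-list of weak defaults (not the Mirai list).
COMMON_DEFAULTS = {"admin", "root", "password", "1234", "12345", "default", "guest"}

# Assumption: credentials live in identifiers containing passw(or)d / pwd / secret.
CRED_ASSIGN = re.compile(
    r'(?i)\b(?P<name>\w*(?:passw(?:or)?d|pwd|secret)\w*)'  # credential-like identifier
    r'\s*(?:\[\d*\])?'                                      # optional C array suffix
    r'\s*(?:=|:|\s)\s*'                                     # "=", ":" or #define spacing
    r'["\'](?P<value>[^"\'\n]*)["\']'                       # quoted string literal
)

def find_hardcoded_credentials(source: str):
    """Return (line_number, identifier, kind) for each embedded credential.

    kind is "empty", "common-default" or "hardcoded"; the literal itself is
    deliberately left out of the report so findings can be shared safely.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):      # ignore commented-out code
            continue
        for match in CRED_ASSIGN.finditer(line):
            value = match.group("value")
            if value == "":
                kind = "empty"
            elif value.lower() in COMMON_DEFAULTS:
                kind = "common-default"
            else:
                kind = "hardcoded"
            findings.append((lineno, match.group("name"), kind))
    return findings

# Constructed sample: a mix of C firmware source and a config line.
SAMPLE_FIRMWARE_SOURCE = '''\
#define TELNET_USER "root"
#define TELNET_PASSWORD "admin"
static const char web_passwd[] = "Kx9!vendor-2016";
const char *password = getenv("DEVICE_PASSWORD");
// password = "commented-out"
mqtt_secret: ""
'''

if __name__ == "__main__":
    for lineno, name, kind in find_hardcoded_credentials(SAMPLE_FIRMWARE_SOURCE):
        print(f"line {lineno}: {name} -> {kind}")
```

The `getenv` line is not reported because the credential is supplied at runtime rather than embedded as a literal, which is the pattern the check is meant to push firmware toward.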
Further IoT application development and adoption of the Internet of Things in business require a complete IT infrastructure overhaul and a solid security strategy for future IoT deployments.