By Ritu Sharma on Feb 28, 2019
Sharing is caring!
The very essence of connectivity across devices and sensors in IOT makes it prone to security vulnerabilities. The increasing trend to add layers of intelligence by augmenting edge data through endpoints and sensors augments the privacy and data confidentiality risks.
Key security concerns
The Internet of Hackable Things is considered a deeply intensive study that looked at the various issues plaguing IOT security. The problem is especially pronounced in smart homes and buildings and in connected healthcare infrastructures.
Some of the interesting insights that came out of the study are –
1 – 9 out of 10 devices on an average collected some form of information through the device
2 – 8 out of 10 devices and cloud components didn’t come with a strong password
3 – 7 out of 10 devices had poor security set up, which enabled a hacker to employ enumeration and identify valid user account details.
In addition to these worrying stats, the study found that 70% of devices used unencrypted network services.
The study pointed out to dangerous vulnerabilities in smart equipment like CT scanners and Implantable Cardioverter Defibrillators (ICDs). Even with smart homes, there have been cases where parents were shocked to discover that intruders hacked into connected baby monitors to speak to their children.
Potential reasons for security risks
1 – Pressure to perform
Shortening time to market and increased pressure to cater to a fast-growing sector means that security is often an overlooked aspect. This is similar to the early days of Android or iPhone app development where security used to take a backseat till KRAs like user engagement or user base started dropping.
2 – Disparate players in the ecosystem
The problem becomes magnified when there are third-party touchpoints that are needed to build and deploy an impactful IOT ecosystem. The range of device OEMs that add connectivity, sensors, and data transmission protocols to a host of devices ranging from CT scanner to smart TVs (all of which are in turn, manufactured by different companies). So unlike, Android or Windows, there is no single company like Google and Microsoft that can adopt and implement high-performance security standards into the entire ecosystem.
3 – Security Maturity
Some of the key IOT devices that a 2015 Capgemini study found most vulnerable to cybersecurity threats include
1 – Wearables – 50% of respondents rate it high on resilience to cyber attacks
2 – Smart Metering – 50%
3 – Industrial Manufacturing – 47%
4 – Automotive – 35%
5 – Home automation – 18%
This clearly shows that respondents don’t believe that the existing security implementation is adequate. A mature security framework is needed to bring down this worrying figure.
4 – Large landscape to be protected
IOT, in general, tends to bring a large number of disparate systems into play. This leads to multiple points of vulnerability. These include IoT product, the software, and data being transmitted or stored. It also includes data centers where analytics happen and endpoint devices. Securing all these systems together under a common IOT security protocol might be challenging.
Recommended redressal mechanisms
1 – Secure boot
This IOT security solution uses cryptographic code signing mechanism. This makes certain that a device only executes by scripts generated by the authentic OEM device. This step prevents an unauthorized breach and attempts to replace OEM firmware with malicious versions.
2 – Authentication
Every step in the data transmission or connection of IOT device to the sensor or network needs to be authenticated before sending or receiving data. With edge devices especially vulnerable to hacks, this step can go a long way in protecting the overall IOT set up. Popular techniques involve Secure Hash Algorithm (SHA-x) or Elliptic Curve Digital Signature Algorithm (ECDSA). Using data encryption, this IOT security measure can be further strengthened.
3 – Lifecycle management
Smart lifecycle management ensures real-time security for connected devices when the data is in transmission between sensors, edges, and networks. Even in case of downtime, OTA device key replacement can ensure business connectivity. Further, if a device is depleted or sensors are scrapped, then device decommissioning protocols must be applied swiftly to prevent threats of exploits.
To sign off – An emphasis on security as a culture rather than an instance
A key missing piece in enhancing IOT security is the security culture. This culture is nearly non-existent in current IOT configurations. An integration of human behavior and data and algorithms can help build a profitable security culture. This way, security is not considered as an after-thought but becomes a vital factor in every stage of the IOT architecture design, development, deployment, monitoring, and analytics.
You may also like
Has your business been going too slow? Are you offering useful and valuable products or services to your customers and even then not seeing...Read More
Nowadays, the marketing concept has evolved as people have become more brand conscious. People closely follow brands on social media especially Instagram and keep...Read More
If you are a video content creator (YouTube), social page manager, or design greeting cards for festivals and events, you will definitely need a...Read More
Are you a veteran in need of a permanent house? If you are going to give a nod, you can easily consider VA loans....Read More
When we are done fixing and decorating the other rooms that we have in our houses, it is now...
If you are operational in the telecom industry, you may need the facilities of an RF engineer for your...
There are three things you should know about your electric bill to save money. If you’re like me, you...
Despite the fact that Google keeps refreshes its highlights however keyword research is as yet one of the significant...
An unfortunate truth in modern time is that many people have bad credit score but they are in need...
American airlines one of the major airlines and its headquartered located in Fort Worth, Texas. It is also known...
The idea of a fitness or eating plan can seem all too cliche and for some people, this type...
When it comes to interior décor, you can never ignore the walls of your rooms. These can either take...
It is a noteworthy fact that the USA is among the most sought-after countries for higher education. The education...
Did you know there is software which only runs on a computer and completes trade execution on behalf of...
Infographics are one of the most powerful resources to your blog. With an infographic, you can graphically show a...
Rolex has always been setting an incredibly higher standard for high-end watches ever since its establishment in 1905. The...