Internet technologies always evolve at much faster pace as compared to any other field of technology. This fast pace is essential to keep the potential of internet to maximum but at the same time brings in many information security threats that are never seen before.
Internet of things (IoT) is an emerging scope of internet that is said to connect the devices and networks like never before. If you are unaware of IoT, then we suggest you go through our guide on Understanding Internet of Things first.
What is IoT Security?
According to the estimates from brands like Gartner and Cisco by 2020 more than a billion devices will be connected through networks to shape the advanced internet of things ecosystem.
Internet of Things security is the domain concerned with protecting interconnected devices and networks in the ecosystem.
In an IoT ecosystem computing devices and embedded systems, also called things are able to communicate data over network as they are provided with unique identifiers and ability to collect, send and receive data. IoT applications can be found in all sectors ranging from home appliances to industrial machine-to-machine (M2M) to smart energy grids.
Where problem arises?
Idea of connecting devices like appliances is relatively new. Such devices are not designed with the security of data communication as a priority. This leaves scope for cyber criminals to leverage the security loopholes in these IoT devices to hack the entire network which is secured otherwise. What makes these devices vulnerable to hacks is their old unpatched embedded OS and software. Further increasing the risk is inability of buyers of these devices to change default passwords and even if they do change them, the new passwords are not strong enough.
The risks are potentially disabling and recent security attacks furthermore highlight the security concerns. Let’s take a look at some of the most threatening IoT attacks.
Internet Of Things Security Threat Types
The simplicity of attacks in IoT ecosystem is in the ease at which an attacker can use the connected device as an entry point into the network. Whether it’s your new smart refrigerator or smart vehicle, without proper security it poses privacy risk and increased security threat. Most of the conventional cyber attacks are capable to exploit the security loopholes in internet of things ecosystem. Most common of these attacks are:
According to Wikipedia, “A botnet is a number of Internet-connected devices used by a botnet owner to perform various tasks. Botnets can be used to perform Distributed Denial Of Service Attack, steal data, send spam, allow the attacker access to the device and its connection. The owner can control the botnet using command and control (C&C) software.”
Internet of things devices are already affected by botnets like Mirai, Aidra and Linux/IRCTelnet. These botnets are also called the thingbots and comprise of all sort of devices ranging from smart phones to laptops and the new smart devices like TV and refrigerator. When infected by a botnet the IoT devices become part of an enormous DDOS ecosystem and send requests to the target server to crash it. Such an attack makes it hard to trace the actual source as millions of connected devices are bombarding the network together.
Here’s an explanation about thingbots:
Most recent example of such an attack is the DDOS attack on DNS service provider Dyn’s network in October 21, 2016 that rendered sites like Twitter and Instagram inaccessible. Here’s a Wikipedia article on the attack-2016 Dyn Cyberattack.
In this type of attack the aim of the perpetrator is to breach or interrupt the communication between two systems. As the attacker has access to data being communicated between the systems, he can alter the data without both parties knowing it. The receiver will get the manipulated data without acknowledgement of any intrusion by the attacker in between. This threat can get very dangerous and such cases are already being reported.
Here is an example of how a Blackberry executive broke into a business’s secured network through an electric teakettle connected to the network.
Data & Identity Theft
More devices get connected to the internet and the more access they have of our personal data the higher are the risk of data and identity theft is. Smart devices like smartwatch, health monitors and smart phones if got in hands of opportunistic finders can provide access to valuable private data. With IoT devices interconnected the attacker can get access to data collected by your fitness bans, smart fridge, smart meter and other devices.
Once the attacker amasses enough data about you, it gets a lot easier to perform identity theft through a sophisticated and targeted attack. Social engineering is also common is such attacks.
IoT Security Concerns
Security threat to privacy is most concerning in IoT. Interconnected devices at home, office and almost everywhere raises concerns about the data that will be collected and how it will be used. Not only for individuals; concerns are equally potential for businesses as well.
IoT Security Companies and Startups
There is a lot of potential in internet of security market. According to M2M Magazine-
The IoT security market is expected to grow from USD 6.89 billion in 2015 to USD 28.90 billion by 2020, at a Compound Annual Growth Rate (CAGR) of 33.2% from 2015 to 2020. Some of the key players in this market include Cisco, IBM, Infineon Technologies, Intel Corporation, and Symantec.
This is bringing in startups and tech giants on the same platform. Existing internet of things companies like Google, IBM and Cisco are improving their infrastructure to add security while startups like Mocana, Argus and Rubicon are offering smart solutions to provide security for IoT devices and networks. Check out list of top IoT security companies.
If you are interested in IoT security startups, then we suggest out top IoT security startups guide.
Internet Of Things Security Solutions
There are a few internet of security solutions that experts suggest. Foremost the IoT devices that need direct access to the internet should be segmented into their own networks that have restricted access. It will then become easier to monitor a device’s network segment for any anomalous traffic.
Companies need to improve their data security and privacy policies. Investment should be made in provide security structure at business level. Providing training and guidance to common people and business staff on securing their IoT device will substantially decrease the security risk.