IoT Security

The Top Ten IoT Vulnerabilities

Sumit Bhattacharya
February 17, 2018 by
Sumit Bhattacharya

Kevin Ashton coined the phrase the "Internet of Things" (also known as "IoT") back in 1999. This term represented the concept of a massive system where everyday appliances would communicate with each other through omnipresent sensors.

Since then, consumers have connected smart devices amongst one another at an exponential rate. By 2020, there are estimates that there will be seven smart devices per person. That means a future where many everyday things will interconnect with each other, with the primary goal of improving the overall quality of life.

Learn IoT Security

Learn IoT Security

Learn how ethical hackers exploit the growing number of internet-connected devices and become a Certified IoT Security Practitioner.

As we enter the new generation of the Internet of Things, we must re-examine the entire idea of security. The IoT is changing everything daily. Thus, a large number of individuals and organizations are purchasing and implementing devices to improve our lives and levels of productivity.

For instance, through the IoT we can think about the ideal world; we remotely observe that grandpa is moving about the house, his heart is fit as a fiddle, and he has milk and food in the refrigerator.

Nonetheless, the genuine concern is that webcam in the garage may have potentially been a part of a disseminated Denial of Service attack. Indeed, our world is evolving. The IoT brings with it a fantastic future; but, we should remember the numerous security and protection considerations which need to be taken into consideration.

 

The 10 Internet of Things Security Vulnerabilities

 

There are many attack vectors associated with IoT devices. Since many of them are Cyber based, it is thus quite challenging to secure and manage an overall IoT infrastructure. In this article, we will consider ten IoT vulnerabilities that exist today.

 

1. A Shaky web interface

 

Numerous gadgets and devices have a built-in web server that hosts a web application for managing them. Like any web server/application, there might be flaws in the source code that cause the interface to be vulnerable to a Cyber based attack.

 

2. Improper Usage of Authentication or Authorization Mechanisms

 

Often in IoT devices, there are flaws in the implementation of the authorization/authentication mechanisms. It gets worse when the provided security features in the IoT devices are not utilized by the consumers to their fullest extent possible.

 

3. Insecure network services

 

IoT devices have tools for diagnostics and testing along with services like debugging. These "maintenance" services have possibly been lightly tested, which thus make them likely to have exploitable source code behind them. In other words, more features mean more security flaws in the IoT devices and their respective infrastructure.

 

4. An absence of transport layer encryption

 

If your IoT device sends private data over an insecure protocol, it is in cleartext, and as a result, anybody can read it. This only underscores the importance have secure communications protocols with these devices.

 

5. Privacy issues

 

If the data on the IoT device is not encrypted, and other individuals have access to it, this makes your data vulnerable to covert hijacking and theft.

 

6. Unreliable cloud interface

 

Numerous IoT devices can connect to the Cloud. Therefore, having a Cloud-based management interface represents yet another potential security vulnerability.

Therefore, an on-device management interface is much more difficult for a remote attacker to access because it is behind the home router or firewall.

 

7. Unreliable mobile interface

 

Mobile phones are used for almost everything these days. Therefore, IoT devices have a mobile interface as well. However, having another management interface means yet another avenue for the Cyber attacker to get into the IoT infrastructure.

 

8. Inadequate security features

 

Many times, IoT device may not have the security features built into them as it is claimed to be. As a result, there are no encryption options or features to detect and monitor any potential Cyber-attacks.

 

9. Unprotected patches and upgrades

 

In this regard, these questions need to be explicitly addressed: Will the IoT devices be patched to address any security vulnerabilities? How do I know if I require a patch? Can introducing a specific patch further impact the device in question? How would I know if the patch is legitimate and not infused by malware or spyware?

 

10. Erasing personal data

 

This one is not on the OWASP list yet, but it to appear to be a significant issue in IoT devices. For example, if I want to resell my IoT device, what steps can I take to make sure that my personal information and data that reside in it is entirely wiped away before a new user has access to it?

 

Conclusion

 

It is essential to consider these security vulnerabilities when you are purchasing an IoT device. If you are an IoT developer, then give serious consideration as to how you can formulate more robust and secure source code for those devices that you interact with daily.

Learn IoT Security

Learn IoT Security

Learn how ethical hackers exploit the growing number of internet-connected devices and become a Certified IoT Security Practitioner.

However, the stark reality is that consumers will keep on purchasing IoT devices based on price, user-friendliness, and extra features. As a result, security considerations could very well take the proverbial "back burner" for quite some time to come.

Sumit Bhattacharya
Sumit Bhattacharya