The Internet of Things (IoT) has revolutionized the world of automation. Without the advantages the IoT sphere gives us, Industry 4.0 would still be a dream.
Many businesses have already begun to integrate IoT devices into their information systems, and others had some rudimentary IoT devices to start with, such as the WiFi printer.
However, IoT has introduced a new attack vector for cyberattacks. Internet of things cyber attacks pose unique challenges for the security industry. This article will discuss what an IoT attack might look like and ways to defend against it.
What is the IoT?
The humble beginnings of IoT, oddly enough, came from a vending machine. In the 1980s, David Nichols, a student from Carnegie Mellon University, fueled by his desire for Coca-Cola, designed the first IoT device using the department’s vending machine.
The vending machine was just far enough away that making the trip, only to be disappointed when there was no Coca-Cola left, was a step too far for him. Necessity, the mother of invention, struck Mr. Nichols with inspiration, and he contacted some of his university friends with an idea.
His idea was to use the internet to track the contents of the vending machine, so he would know that his trip to the vending machine would not be in vain.
The tech industry has learned a lot since then and has taken IoT to the mainstream. Essentially, IoT today works the same as when Mr. Nichols first brought it to the limelight. IoT devices are mundane devices that have been given internet connectivity, hence the name Internet of Things.
A few examples of everyday IoT devices that you may see in the modern office are:
- WiFi printers
- Smart assistant devices, like Amazon Alexa for business
- Keycard scanners
- Security Cameras
- Automated vacuum cleaners
- Smartphone-controlled lighting
These are some examples of the more standard IoT devices that you possibly use in your home. However, there are some examples of more sophisticated IoT devices that come from data sensors.
Data sensors, as the name suggests, are sensors that are used in data analytics. The history of David Nichols shows the first use of a data sensor. The sensor was attached to the vending machine, which essentially transformed it into an IoT device.
These types of data sensors are becoming commonplace in the manufacturing and agricultural industries. “Agritech” (agricultural technology) uses data sensors to check things like soil temperature and moisture, which gives farmers insight into the optimal growing conditions.
IoT is not going away anytime soon, and with the introduction of 5G, it is likely to continue on an upward trend. However, without a solid foundation in security, IoT use could damage businesses more than benefit them.
Cyber Threats in the IoT Environment
Being internet-connected devices, IoT suffers from traditional security issues that many information systems already have trouble with. The difference here is that conventional information systems have already had decades of testing, building resilience over time.
Also, the problem is further compounded by the diversity of IoT devices and their operating systems.
Below you will find some threats that you can expect to see in the IoT environment.
Vulnerability Exploits: Because of IoT devices’ newness, many creators and distributors of IoT don’t consider security. This results in vulnerabilities that hackers will attempt to exploit. One of the most common types of exploits is open network ports (we will see an example of this in a later section). Developers might make an IoT device and make it ready to use out-of-the-box, which means the buyer can use it right away.
This is convenient because there is little setup involved, but this usually comes at a cost. The cost of easy connectivity is that anyone who knows a little bit of network engineering can access the device, which brings us to the next threat.
Man-in-the-Middle (MitM) attacks: MitM attacks are when an attacker gains access to a communication channel. The channel is usually between two devices, for example, a workstation and a server. If they gain access to an unsecured IoT device, they can “sit” in the communication channel, gather information, or drop a payload sent to the receiving device.
Malware: once an attacker has gained access to an IoT device, they can use this as an entry point to the rest of the information system. As discussed in the previous threat, the attacker can drop a payload on the communication channel, such as malware. Once the malware is on the IoT device, it can change the programming, sending the malware to other IoT devices on the network. It might eventually make its way to critical business assets that can pose a severe threat to your organization’s cyber health.
Distributed Denial of Service (DDoS) attacks: DDoS attacks are when an information system is overloaded with internet traffic to the point of crippling it. For example, when a hacker uses a DDoS attack against the corporate website, the server hosting the website receives excessive requests that slow the website to a crawl making it virtually unusable. DDoS attacks are also seen in the IoT space, which could knock out data sensors or render office devices useless.
However, what is more common is the use of IoT devices in carrying out DDoS attacks (rather than being the victim of one). It is becoming increasingly common to see IoT devices form the bulk of a botnet (robot network), essentially an army of “zombified” computers and devices at the hacker’s command. We will see in a later section a real-world example of a super IoT botnet.
Examples of IoT Attacks
Hackers have already taken advantage of weak IoT device security, and as we will see in the following sections, they have exploited IoT to great effect.
In August 2016, a whitehat malware research group, MalwareMustDie, found malware that targeted internet-connected devices that ran the Linux operating system. The perpetrator could remotely control the malware-infected devices as part of a botnet.
The creators first used the botnet in a DDoS attack against servers for Minecraft, a popular video game. The malware itself primarily targets consumer devices, such as home routers and IP cameras. In more troubling news, the Mirai botnet continues to grow, and it has apparently shifted its focus to enterprise attacks.
Defending Against IoT Attacks: Technical Safeguards
Securing internet ports: One reason MitM attacks are so common in IoT devices is that hackers find it very easy to access IoT devices due to open ports. Open internet ports are usually a design feature for IoT devices because they make it easier to use “out-of-the-box” so consumers can hook them up quickly.
But this is not a good feature for security reasons. Your organization must secure the internet protocol ports. Two things you can do to secure your ports are to:
- Close any unused ports
- Do not connect with any commonly used ports
According to this research, three of the top 10 exposed ports are TCP ports 443, 80, and 22.
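One way to find ports that should be closed on a Linux-based device, as an added example that is not part of the original article: it parses listening-socket output in the format of `ss -H -tln` and compares the reachable ports to an allowlist. The sample output, the allowlist and the function names are assumptions made for illustration.

```python
# Constructed sample in the format of `ss -H -tln` (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
LISTEN 0 128   0.0.0.0:80     0.0.0.0:*
LISTEN 0 5   127.0.0.1:631    0.0.0.0:*
LISTEN 0 128      [::]:8080      [::]:*
LISTEN 0 128   0.0.0.0:443    0.0.0.0:*
LISTEN 0 128      [::]:443       [::]:*
"""

# Ports the article cites as being among the top 10 exposed.
COMMONLY_EXPOSED = {443, 80, 22}


def parse_listeners(ss_output):
    """Return (local_address, port) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def is_loopback(addr):
    """Loopback listeners are not reachable from the network."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit(ss_output, allowed_ports):
    """Classify network-reachable listeners against an allowlist (assumed policy)."""
    reachable = {p for a, p in parse_listeners(ss_output) if not is_loopback(a)}
    allowed = set(allowed_ports)
    return {
        # Not on the allowlist: disable the service or firewall the port.
        "close": sorted(reachable - allowed),
        # Needed, but heavily scanned: confirm it really must be reachable.
        "review": sorted(reachable & allowed & COMMONLY_EXPOSED),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_SS, allowed_ports={443}))
```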
Authentication Controls: secure information systems often implement a version of multi-factor authentication. These authentication controls help the system identify the owner of the device. Multi-factor authentication requires the user to give an extra identifier, on top of password protection, such as a security phrase or biometric data as a means to ensure that the user is genuine.
Endpoint Protection: using traditional endpoint protection solutions, like anti-malware and anti-virus, will help stop malware from spreading to the IoT devices of your information system. The problem here becomes containment: malware that targets IoT devices, like the Mirai botnet malware, can spread quickly.
Ensuring that the organization controls outside internet traffic properly can help slow down the takeover or prevent it from happening in the best cases.
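A containment check along these lines, as an added example that is not part of the original article: it reads flow records from an IoT network segment, drops traffic that matches an egress allowlist, and flags any device that contacts many off-policy hosts in a short window, which is what fast-spreading malware looks like from the network. The segment, the allowlist, the thresholds and the flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

IOT_SEGMENT = ip_network("10.20.0.0/24")  # assumed IoT VLAN
# Assumed policy: the only destinations IoT devices need (update server, NTP).
EGRESS_ALLOW = {("203.0.113.10", 443), ("10.0.0.5", 123)}

# Constructed flow records: epoch_seconds,src,dst,dst_port
FLOWS = """\
1700000000,10.20.0.11,203.0.113.10,443
1700000002,10.20.0.12,10.0.0.5,123
1700000010,10.20.0.12,10.20.0.13,80
1700000011,10.20.0.12,10.20.0.14,80
1700000012,10.20.0.12,10.20.0.15,80
1700000013,10.20.0.12,198.51.100.7,80
1700000300,10.20.0.11,198.51.100.9,80
1700000020,10.0.0.50,10.20.0.11,443
"""


def off_policy_flows(text):
    """Yield (ts, src, dst, port) for IoT-sourced flows outside the allowlist."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split(",")
        if ip_address(src) not in IOT_SEGMENT:
            continue  # this policy only covers the IoT segment
        if (dst, int(port)) not in EGRESS_ALLOW:
            yield int(ts), src, dst, int(port)


def find_spreaders(text, window=60, max_peers=3):
    """Map each device to the off-policy peers it hit, if more than
    max_peers distinct peers were contacted within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, _ in off_policy_flows(text):
        by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for start, _ in events:
            peers = {d for t, d in events if start <= t < start + window}
            if len(peers) > max_peers:
                alerts[src] = sorted(peers)  # candidate for quarantine
                break
    return alerts


if __name__ == "__main__":
    print(find_spreaders(FLOWS))
```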
Organizational Safeguards Against IoT Attacks
Acceptable Use Policy (AUP): Given the diversity of IoT devices available on the market, it would be prudent for your organization to develop an AUP or fair use policy. These policies should help reduce the risk of security events. Essentially, the policy outlines how the users, or members of the organization, can use IoT devices on the corporate network.
The policy can include authorized devices, secure connection channels, and ports and outline sanctions for any violations.
Secure Programming Standards: IoT development is proliferating; with new devices entering the market, buyers delight. However, the gold rush on the development side has led to many IoT devices shipping in an insecure state.
As a buyer, you should do your best to ensure the IoT devices you are acquiring for your business are designed with security in mind. And as a developer, you should adopt a secure programming standard when developing your IoT tech. This has added benefits in a more security-conscious market, giving you a competitive edge while bolstering your and your customers’ security.
There is no reason you can’t have your cake and eat it too. IoT devices are an excellent way to take traditional businesses into the modern age.
With a plethora of use cases, the sky’s the limit on how we use this new technology. However, we should always consider the long-term effects of insecure architecture, including that of the IoT space.
Don’t sacrifice convenience for security when it is possible to have both.
RSI Security is the nation’s premier cybersecurity provider, and with a wealth of experience, we can help you satisfy your security needs. Whether it be an IoT security strategy or a full cybersecurity architecture implementation, we can help you get there.