Hidden risk in IoT
Hains Jose
Security Operations Team Lead @ LCM Security Inc. | Cybersecurity Expert | GIAC Certified Incident Handler | Fortinet Certified Professional | Security+
IoT refers to Internet if things. These includes electronic devices which is being used in daily basis, for instance we can say the devices which can ‘talk’ to other devices. Which can include every devices connected to internet. In this article my I want to exclude some devices (Smartphones, Laptops) and include some IoT which can communicate without being physically involved (Fitness, trackers, smart speakers, thermostats, smartbulb)
The first wave of IoT security attacks hit in 2016 when the Mirai Botnet compromised the security on a number of IoT devices, including IP cameras and routers and turned the devices into centrally-controlled botnets. These botnets caused a disruptive bottleneck that disrupted access to the Internet for millions of users worldwide.
Risk to an organization
- If attacker get an access to IoT they can access smart applications such as HVAC systems, and they can control the temperature, tampering will cause a huge damage to server rooms
- Accessing PII (Personal Identifiable Information) from unsecure IoT devices
- Getting unauthorized access to building bypassing security controls
- Initiating DDOS (Distributed Denial Of Service)attack against vulnerable IoT devices
- Getting unauthorized access to a car and connected devices
How can we keep IoT secure?
- Changing default password of IoT – Many IoT has default password, which make them vulnerable to attack
- Turning off automatic connection to wireless networks and automatic connection functionality.
- Updating devices whenever patches are available
- Researching security features about a particular product before buying it
Reference
https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/cyber-risk-in-an-internet-of-things-world-emerging-trends.html
https://cyber.gc.ca/en/guidance/internet-things-security-small-and-medium-organizations-itsap00012
https://www.forbes.com/sites/chuckbrooks/2021/02/07/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things/?sh=4a18cfe35d50
https://www.forcepoint.com/cyber-edu/iot-cybersecurity