Internet Of Things: Unlocking IoTs

Internet Of Things: Unlocking IoTs

Internet of Things is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction(TechTarget). The network of physical devices and other items embedded with software and network connectivity enables these objects to connect with one another and exchange data. Examples of IoT's are tv’s, cars with built-in sensors, heart monitoring implants, biochips in farm animals, smart home devices, wearables, smart cities to say the few. The benefits of IoT’s denote convenience, decreased costs, enhanced management, increased efficiency, accuracy and economic benefits and more. Although there are tons of great benefits there are numerous risks. The risks range from poor security protocols, cyber-attacks and the opportunity of devices linking into your personal information and accounts including banking. These risks all raise security implications. If you were to develop a software, systems or product that operate on the internet of things it is very important that you address these threats and vulnerabilities. The numerous vulnerabilities and threats can be critical to fix and should be taken care of immediately.

Security Implications

After an intensive amount of research, I was able to detect security implications of the internet of things that consist of emerging threats and vulnerabilities that organizations will need to address if they develop software, systems, and products that operate on the Internet of Things.?The fundamental threats I found conspicuous was the web interface threat, insufficient authentication, lack of transport encryption, privacy concern, poor physical security. The web interface threat is prominent because the web interface built into IoT devices simply allows user interaction with the specified device, but it could also allow an unauthorized user access to the device as well. In this case, it is very important to have strong default credentials, ensuring that account regaining information does not supply a hacker with the information they need to get in, ensuring a proper account lockout for every few tries. It is important to keep a strong interface. Another is insufficient authentication some IoT devices have ineffective mechanisms in place to authenticate the IoT user interface. It is very important to have a complex password, privilege escalation, and two-factor authentication. These aspects will help ensure that you have strong authentication. Another is the lack of transport encryption, this allows the data to be exchanged with the IoT device in an unencrypted format.?

In order to combat this, it is important to ensure only accepted encryption standards and use encryption protocols such as SSL and TLS. Another is privacy concern, these IoT devices can collect unnecessary amount of private information. Such as the names of middle and high schools you attended, a family members name, social security number. This raises more risks because attackers have more personal information that was not necessary in the first place. In order to combat this, it is important to make sure the data that you are sharing is critical to the functionality of the device. Another is poor physical security, this deals with the hacker being able to disassemble a device to easily access the storage medium and any data stored on that medium. In order to combat this, it is important that you conduct a security review of your devices to determine any vulnerabilities. After conducting further research, a lot of threats and vulnerabilities stem from account authentication and updating your credentials to secure your account, to set up an account lockout protocol after many failed attempts of accessing your account and demonstrating two-factor authentication when possible.

When it comes to insecure software implications for the internet of things certain security concepts affect the security posture of the devices and products that are likely to operate on the internet of things. When it comes to defects, it is very important to implement an IoT device with few defects as possible. With that said, it is very important to plan the defect identification in the early stages to access early-stage reliability and to give constructive strategies for preventing the defect before the software is delivered. In some cases, IoT devices bypass the early implementation stages or do not fix or update implications and this causes effects on the security posture of the device. Insecurity plays a huge part in operating and owning an IoT device. When it comes to patching it is very important that a software is properly fixed. Patches make changes to a computer program and there designed to update and fix security bugs although in some cases attackers can get around “patching” and this causes more security vulnerabilities. The concept of attackers seeing visible signs of crime may encourage them to further commit a crime. This concept comes from the “broke windows theory” it is very important to keep your software updated including installing all the updated patches to improve the security posture of your IoT device. It is important for users and manufacturers to go through the decision-making process based on making choices that result in the highest level of benefit to the user. Certain manufacturers do not go through an optimal level rational process and this can derive software security implications.

The lack of rationale can lower the quality and security of an IoT device that is produced and released to the public. It is very important to include rationale when creating these devices for the greater good. When it comes to the limitations of testing, it is very important that you test your device before you release it on the market. When you do not test your device, you can put the users at risk. Conducting a full test will give you the feedback you need in order to create a product that has exiguous security implications. Testing your implications on devices and products is the most extreme part of ensuring that your creation is suitable for others to use. Devices and products during the creation phase require lengthy tests to ensure consumers with strong security systems. The potential effects of vulnerability management on devices and products is important. Vulnerability management ensures that vulnerabilities in devices and products are identified and the risks of the vulnerabilities are then evaluated. This formal evaluation includes correcting the vulnerabilities and removing the risks. It is very important that a risk is properly evaluated and fixed before the device or product comes on the market in order to ensure strong security implications and to reduce the risks of attacks. The overall impact to society as a result of insecure devices and products on IoT is crucial. Insecure devices allow attackers to access IoT devices which causes breaches of data, privacy, and security. It is important that vulnerability management including testing is taken seriously to avoid software implications and attacks. As soon as a device is compromised that can cause a lot of damage to IOT users. In order to avoid these breaches, it is important that each measured mentioned is applied.

Potential Solutions

In order to ensure safety and security of devices and products operating on the IoT, it is important to take these measures. First testing plays a big part. It is very important to test your device or product several times to work out any lingering flaws or security implications. Hiring ethical hackers in order to test devices as well helps improve the security because they are able to think like a potential hacker that is trying to compromise your system. Once you conduct proper testing this will lower the risks of software implications, data breaches, and privacy.?It is also important to have strong physical security. Poor physical security proposes a weakness because a hacker is able to disassemble a device and access the storage medium on the device and any data stored on the storage medium. To provide a solution to physical security hacks it is very important that you conduct a security view of all your devices, document and implement minimum security standards for all devices and ensure that these standards are adhered to as part of the manufacturing process. Lastly, weak authentication or unencrypted data channels can allow an attacker to access the device or underlying data of an IoT device that uses a vulnerable interface for user interaction.

A common solution for this common IoT issue is proper authentication and patching. Patching is a quick and effective method that can be used if a device is already exploited. It can allow the IoT company to digest and figure out what went wrong and how to improve it in the future. Overall, it is important to implement these potential solutions. Other memorable solutions are Two-factor authentication because it provides another layer of security.?Firewall’s because it provides an extra layer of protection and ensure that a company will be able to fix and patch these devices. Encrypting IoT devices as well because it makes their data less easy to hack. All these potential solutions, ensure the safety of devices and products that operate on the IoT. At the least they will show the problems that companies could aim to solve. These solutions should be able to help combat IoT attacks and make the security posture of IoTs stronger.

References:

IoT Security: Huge Problems and Potential Solutions. (2016, June 26). Retrieved from https://www.cintas.com/ready/healthy-safety/iot-security-huge-problems-and-potential-solutions/

Threat and Vulnerability Management Standard. (n.d.). Retrieved from https://www.resolver.com/trust/policies/threat-vulnerability-management-standard/

Pal, A. (2018, June 28). The Internet of Things (IoT) – Threats and Countermeasures. Retrieved from https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/