Security threats associated with Internet of Things (IoT)
The Internet of Things (IoT)
The “Internet of Things” (IoT) is the most popular “thing” in the tech world and broadly describes the interconnection of everyday devices through the internet. This can include anything from temperature monitors and Tesla sensor suites to Bluetooth water bottles. Since the potential applications are so diverse, the population of IoT devices is rapidly expanding and is poised to explode over the next few years.
- After integrating all the latest devices with internet connectivity, the IoT market is expected to grow at a pace of over $2.4 trillion annually by the end of 2027.
- The number of IoT devices is projected to increase considerably, to 41 billion by 2027, up from around 8 billion in 2019.
However, there’s a price to such rapid growth – in the rush to connect anything and everything to the internet, dangerous compromises are being made. Build quality and actual practicality (e.g., the aforementioned Bluetooth water bottle) come to mind first, but more important are system design aspects: networking, architecture, data management, and especially security.
Of course, the first question to come to mind is, “Why should I care? What malicious use would someone have for my smart outlets, or Wi-Fi thermostat, or remote-controlled lights?” This mindset, on the part of customers and manufacturers alike, is leaving millions of everyday products vulnerable and ripe for abuse. More important, however, is the weakness of our current approach to “cybersecurity.” Traditional methods of security architecture and implementation, as well as conventional wisdom regarding threat modeling, leave us unequipped to deal with this unique and ubiquitous attack vector.
Importance of “security” in IoT
To begin, implementing “security,” even in the abstract, is difficult since it’s a “negative goal.” If we wanted someone to view or update a particular file, this is a “positive” goal – we are building the capability to enable this, targeting a specific entity with a definite end state (the user has access). Restricting access, on the other hand, is a “negative” goal that opens us up to a host of problems. First, there is no longer a specific “target” we are aiming to combat – there is an infinite number of adversaries and threat vectors to consider. While the end state is defined (prevent circumvention of our restrictions), the security of our device and our system requires that this not be possible no matter what.
Common problems with IoT devices
The prevailing philosophy in tech is to design for user-friendliness and to offer plenty of features. However, the saturation and complexity of these features make designing an effective security architecture without vulnerabilities impossible. IoT is particularly at risk here. These devices’ nature is to expose themselves to as many outside actors as possible (other sensors, other devices, other users) in the name of connectivity, as the example below illustrates.
UPnP Protocol
The UPnP protocol (Universal Plug and Play) employed by many IoT devices will automatically open a default set of ports through the user’s router to allow the device to communicate with the wider internet. To be fair, this is required for the device to function – a device that can’t communicate with anything else is useless – but it is done automatically and without notification. Even if permissions were switched to manual command, most users, if prompted, would probably just click “OK.” Attackers can also capitalize on this interconnectivity by turning any one device into a pathway to any other. Your stuff may be secure, but your neighbor may still be using default settings. Once he’s compromised, it’s relatively simple to spoof his credentials to access the wider network of similar devices.
- Attackers employ a different mindset than most IoT developers and architects. A common development approach is referred to as the “patch and pray” method: a developer will focus on building functionality and use successful attacks on the system to identify specific flaws that can be fixed post-mortem. Attackers, however, tend to take a more holistic view of a system, attacking any components and interfaces available.
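To make the silent port-opening visible, the added example below (not code from the original article) audits a UPnP IGD `AddPortMapping` request as a router or LAN monitor would see it. The sample request, the requester address and the management-port policy are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SOAP body of an IGD AddPortMapping request, as a device
# might send it to the router. All values are made up for illustration.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>23</NewExternalPort>
<NewProtocol>TCP</NewProtocol><NewInternalPort>23</NewInternalPort>
<NewInternalClient>192.168.1.50</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>cam</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:AddPortMapping></s:Body></s:Envelope>"""

# Assumed local policy: remote-login ports that should never face the internet.
MGMT_PORTS = {22: "SSH", 23: "Telnet"}


def parse_mapping(xml_text):
    """Return the AddPortMapping arguments as a dict, or None if absent."""
    if "<!DOCTYPE" in xml_text.upper():  # refuse DTDs: no entity tricks
        raise ValueError("DTD not allowed in SOAP request")
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag.endswith("}AddPortMapping"):
            return {child.tag: (child.text or "").strip() for child in elem}
    return None


def audit_mapping(xml_text, requester_ip):
    """List the reasons this mapping request deserves an alert (may be empty)."""
    m = parse_mapping(xml_text)
    if m is None or m.get("NewEnabled") != "1":
        return []
    findings = []
    port = int(m["NewExternalPort"])
    if m.get("NewProtocol") == "TCP" and port in MGMT_PORTS:
        findings.append(f"exposes {MGMT_PORTS[port]} ({m['NewProtocol']}/{port})")
    if m.get("NewRemoteHost", "") == "":
        findings.append("wildcard remote host: reachable from any address")
    if m.get("NewLeaseDuration") == "0":
        findings.append("lease duration 0: mapping does not expire (IGD v1)")
    if m["NewInternalClient"] != requester_ip:
        findings.append("maps a port to a host other than the requester")
    return findings


if __name__ == "__main__":
    for finding in audit_mapping(SAMPLE, "192.168.1.50"):
        print("ALERT:", finding)
```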
IoT provides them with exponentially more attack vectors, which are explained in an example below.
Mirai Botnet Attack
In the early hours of October 21st, 2016, the Mirai botnet (or rather, a particular botnet built on the Mirai framework) surged to life, launching a series of DDoS attacks on Dyn’s Managed DNS service, disrupting access to many of the internet’s most popular and heavily trafficked sites. On a technical level, the previous “first place” for DDoS throughput ran about 650Gbps, using a DNS reflection method, but Mirai averaged around 1.2 terabits. Post-mortem analysis revealed the unique method behind the attack: of the tens of millions of enslaved IPs, a vast majority of the DNS lookup requests came from sources like printers, security cameras, routers, and baby monitors – in other words, some of the most common IoT devices.
Mirai is so effective because it capitalizes on the economy of scale surrounding IoT devices – manufacturers often don’t assign unique access credentials to each of the many devices they create (e.g., the common “admin/admin” logins on many routers) but rather rely on the end-user to implement their own security measures. Mirai operates by scanning the web (mainly via Telnet and SSH) for devices using these factory-default or hard-coded credentials, which are then used to access the devices and co-opt them into the botnet.
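The scanning behaviour described above leaves a clear trace on a network that hosts an already-compromised device: one internal address contacting many distinct hosts on Telnet or SSH in a short time. The added example below (not from the original article) detects that pattern in flow records; the record format, sample data and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

LOGIN_PORTS = {22, 23}   # SSH and Telnet, the services named above


def sample_flows():
    """Constructed records: '<epoch_seconds> <src_ip> <dst_ip> <dst_port>'.
    10.0.0.23 fans out to 30 distinct hosts; 10.0.0.5 is an admin
    workstation that repeatedly opens SSH to a single server."""
    flows = [f"{1000 + i} 10.0.0.23 198.51.100.{i + 1} {23 if i % 3 else 22}"
             for i in range(30)]
    flows += [f"{1000 + 5 * i} 10.0.0.5 203.0.113.10 22" for i in range(10)]
    flows += ["1010 10.0.0.23 192.0.2.8 443"]
    return sorted(flows, key=lambda line: int(line.split()[0]))


def detect_scanners(lines, window=60, max_targets=20):
    """Return {src_ip: peak number of distinct login-port targets seen within
    `window` seconds} for sources whose peak exceeds `max_targets`.
    Records must be in time order; both thresholds are assumed defaults."""
    recent = defaultdict(deque)          # src -> deque of (ts, dst)
    peak = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue                     # skip malformed records
        ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
        if port not in LOGIN_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:
            q.popleft()                  # drop flows older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n > max_targets}


if __name__ == "__main__":
    for src, n in detect_scanners(sample_flows()).items():
        print(f"ALERT: {src} contacted {n} distinct hosts on Telnet/SSH")
```

Counting distinct destinations rather than connections keeps the admin workstation, which talks to one server many times, below the threshold.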
Preventing IoT devices and networks from attacks
Though there are many security “solutions” that can help mitigate a wide variety of problems, a better reaction would be to change the industry and adopt best practices surrounding information security. Broadly, architects should move away from a reactive, “post-mortem” strategy and adopt a more holistic mindset: security is a property that cannot be done well when isolated to a particular component or layer, but must be a system-wide, architectural concern (a “security-by-default” approach).
Three primary keys to developing an effective security architecture are prevention, resilience, and detection and recovery.
- Prevention: making an adversary’s job more difficult by way of design mechanisms. If this is not or cannot be the case, a system should be designed for resilience.
- Resilience: the system can remain functional (in some form or another) despite ongoing attacks. Common methods for boosting resilience include a restricted Trusted Computing Base, encrypted computation, or specialty architecture (e.g., an “ascend” processor, a hypothetical processor architecture by which private data remains secure when accessed by arbitrary third-party programs).
- Detection and recovery: diagnose and repair the damage as soon as possible and have contingencies in place for data recovery and business continuity.
The above are just some thoughts on the challenges facing the IoT sector moving forward, and they will hopefully inspire you to conduct some independent investigation and delve deep into what keeps you and your data safe behind the scenes.
Call to Action
Since IoT devices largely consist of wireless sensor networks, organizations can improve security by carefully engineering their network segmentation schemes.
- Sensors used in devices should be capable of eradicating suspicious actions.
- Enterprises can introduce logic to detect unusual information flowing through the device.
- The user and the enterprise must take ultimate responsibility for end-to-end security across domains.
- Understanding and monitoring the vulnerabilities and applying the capability model helps organizations to react.
- The policymakers must simplify and clarify their data protection and liability policies.