Security concerns with the usage of IoT
Internet of things can be defined as a network infrastructure that is used to link virtual and physical objects through the exploitation of communication capabilities and data collection. The system has evolved from the convergence of the internet, micro-electromechanical systems, wireless technologies and micro-services. The system is however faced with several challenges when it comes to security, some of them discussed underneath:
Vulnerability to hacking: There is a wide range of vulnerabilities in a wide range of IoT devices. These vulnerabilities can be used by hackers to undertake several unwarranted activities such as changing the systems settings, collecting data, remotely controlling and viewing of the system among others. For example, research proves that internet connected cars can be easily compromised by hackers. Making them able to unlocking and locking doors, shutting down cars or even driving one’s car.
Not long ago, researchers found critical vulnerabilities in a wide range of IoT baby monitors, which could be leveraged by hackers to carry out a number of nefarious activities, including monitoring live feeds, changing camera settings and authorizing other users to remotely view and control the monitor.
Privacy concerns: Devices connected through the IoT system collect personal information about a person via the device, the device’s mobile applications or through the cloud. A majority of this information includes names, credit card information, address and healthcare data. It is estimated that about 90% of these devices transmit these data across the network without taking necessary privacy measures such as encryption. This exposes users to risk of exposing their data through wireless networks. Most IoT devices use cloud services which are extremely vulnerable to data breach.
Insufficient authentication/authorization. A large number of users and devices use weak authorizations and passwords. Most of the systems allow users to use simplistic passwords such as”12345” or dates of births. These authentications can easily be hacked exposing user data to unauthorized personnel.
What can be done?
Security should be at the heart of every stage of developing and designing a IoT project.
There are many different types of solutions available. Kaspersky Labs, for example, has Kaspersky OS, a secure environment for the IoT. Other suppliers, including Tenable Networks and Check Point, also provide solutions that are relevant here.
A key action for organizations is to pay close attention to the network settings for IoT devices and, where possible, separate them from access to the internet and to other devices.
Also, IoT devices should be identified and managed alongside regular IT asset inventories; and basic security measures like changing default credentials and rotating strong Wi-Fi network passwords should be used.
The gateways and Edge components that connect IoT devices to networks and the cloud, need to be secured as well as the devices themselves. IoT devices are always connected and always on. In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these components to improve the overall security of the system.
There must be innovative plans for installing security updates on IoT devices. It is evident that soon many consumers will own devices or installations with hundreds of connected devices. This will make manual installation of security updates very challenging. An automatic update solution has to be put in place to increase security efficiency in the system. Another essential solution is the development of privacy policies. This will help inform you about collecting information and guide you in maintaining good security practice and reporting unusual activity.
Originally this article was published here, IntelZone AS.