IoT Agenda.com

IoT security (internet of things security)

By Kinza Yasar

What is IoT security (internet of things security)?

IoT security (internet of things security) is the technology segment focused on safeguarding connected devices and networks in IoT. IoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and people. Each thing has a unique identifier and the ability to automatically transfer data over a network. However, enabling devices to connect to the internet opens them up to serious vulnerabilities if they aren't properly protected.

The term IoT is extremely broad, and as this technology continues to evolve, the term only becomes broader. From watches to thermostats to video game consoles, nearly every technological device can interact with the internet, or other devices, in some capacity.

IoT security is even broader than IoT, resulting in a variety of methodologies falling under that umbrella. Application programming interface (API) security, public key infrastructure (PKI) authentication and network security are just a few of the methods IT can use to combat the growing threat of cybercrime and cyberterrorism rooted in vulnerable IoT devices.

Why is IoT security important?

Due to the unconventional manufacturing of IoT devices and the vast amount of data they handle, there's a constant threat of cyber attacks. Several high-profile incidents where a common IoT device was used to infiltrate and attack the larger network have drawn attention to the need for IoT security.

The ever-looming possibility of vulnerabilities, data breaches and other risks associated with IoT device usage underscores the urgent need for strong IoT security. IoT security is vital for enterprises, as it includes a wide range of techniques, strategies, protocols and actions that aim to mitigate the increasing IoT vulnerabilities of modern businesses.

IoT security issues and challenges

The more ways there are for devices to connect to each other, the more opportunities there are for threat actors to intercept them. Hypertext Transfer Protocol and APIs are just two of the channels that IoT devices rely on that hackers can intercept.

The IoT umbrella doesn't strictly include internet-based devices either. Appliances that use Bluetooth technology also count as IoT devices and, therefore, require IoT security.

The following IoT security challenges continue to threaten the financial safety of both individuals and organizations:

In 2020, a cybersecurity expert hacked a Tesla Model X in less than 90 seconds by taking advantage of a massive Bluetooth vulnerability. Other cars that rely on wireless key fobs to open and start have experienced similar attacks. Threat actors have found a way to scan and replicate the interface of these fobs to steal vehicles without so much as triggering an alarm. If technologically advanced machinery, such as a Tesla vehicle, is vulnerable to an IoT data breach, then so is any other smart device.

How to protect IoT systems and devices

Enterprises can use the following tools and technologies to improve their data protection protocols and security posture:

  1. Introduce IoT security during the design phase. Of the IoT security risks and issues discussed, most can be overcome with better preparation, particularly during the research and development process at the start of any consumer-, enterprise- or industrial-based IoT (IIoT) device development. Enabling security by default is critical, along with providing the most recent operating systems and using secure hardware.

    IoT developers should be mindful of cybersecurity vulnerabilities throughout each stage of development -- not just the design phase. The car key hack, for instance, can be mitigated by the driver placing their fob in a metal box or away from the windows and hallways in their home.
  2. PKI and digital certificates. PKI can secure client-server connections between multiple networked devices. Using a two-key asymmetric cryptosystem, PKI can facilitate the encryption and decryption of private messages and interactions using digital certificates. These systems help to protect the clear text information input by users into websites to complete private transactions. E-commerce wouldn't be able to operate without the security of PKI.
  3. Network security. Networks provide a huge opportunity for threat actors to remotely control IoT devices. Because networks involve both digital and physical components, on-premises IoT security should address both types of access points. Protecting an IoT network includes ensuring port security, disabling port forwarding and never opening ports when not needed; using antimalware, firewalls, intrusion detection systems and intrusion prevention systems; blocking unauthorized IP addresses; and ensuring systems are patched and up to date.
  4. API security. APIs are the backbone of most sophisticated websites. They enable travel agencies, for example, to aggregate flight information from multiple airlines into one location. Unfortunately, hackers can compromise these channels of communication, making API security necessary for protecting the integrity of data being sent from IoT devices to back-end systems and ensuring only authorized devices, developers and apps communicate with APIs. T-Mobile's 2018 data breach exposed the consequences of poor API security. Due to a leaky API, the mobile giant exposed the personal data of more than 2 million customers, including billing ZIP codes, phone numbers and account numbers.

Additional IoT security methods

Other ways to introduce IoT security include the following:

Which industries are most vulnerable to IoT security threats?

IoT security hacks can happen anywhere -- from a smart home to a manufacturing plant to a connected car. The severity of the attack depends greatly on the individual system, the data collected and the information it contains.

For example, an attack disabling the brakes of a connected car or hacking a connected health device, such as an insulin pump, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that's monitored by an IoT system can ruin the viability of a medication if temperatures fluctuate. Similarly, an attack on critical infrastructure, such as an oil well, energy grid or water supply, can be disastrous.

Other attacks, however, can't be underestimated. For example, an attack against smart door locks could potentially allow a burglar to enter a home. Or, in other security breaches, an attacker could pass malware through a connected system to scrape personally identifiable information, wreaking havoc for those affected.

Generally speaking, industries and agencies that are most vulnerable to IoT security threats include, but aren't limited to, the following:

Which IoT devices are most vulnerable to security breaches?

In a home-based setting, typically, IoT devices such as smart TVs, refrigerators, coffee machines and baby monitors are known to be vulnerable to security attacks.

In enterprise settings, medical equipment and network infrastructure devices, such as video cameras and printers, can be potential targets. According to research from IoT security provider Armis, 59% of the IP cameras their platform monitored in clinical settings have critical severities, while the second-most dangerous IoT equipment in clinical sites are printers, which have 37% unpatched Common Vulnerabilities and Exposures, 30% of which are critical severity.

Notable IoT security breaches and IoT hacks

Security experts have warned of the potential risk of large numbers of insecure devices connected to the internet since the IoT concept first originated in the late 1990s. Many attacks subsequently have made headlines -- from refrigerators and TVs being used to send spam to hackers infiltrating baby monitors and talking to children. Many IoT hacks don't target the devices themselves, but rather use IoT devices as an entry point into the larger network.

Notable IoT security attacks include the following:

IoT security standards and legislation

Many IoT security frameworks exist, but there's no single industry-accepted standard to date. However, simply adopting an IoT security framework can help; they provide tools and checklists to help companies that are creating and deploying IoT devices. Such frameworks have been released by the nonprofit GSM Association, IoT Security Foundation, Industry IoT Consortium and other organizations.

Other IoT security standards and regulations include the following:

IoT attacks and security varies

IoT security methods vary depending on the specific IoT application and its place in the IoT ecosystem. For example, IoT manufacturers -- from product makers to semiconductor companies -- should concentrate on building security into their devices from the start, making hardware tamperproof, building secure hardware, ensuring secure upgrades, providing firmware updates and patches, and performing dynamic testing.

Developers of IoT devices should focus on secure software development and secure integration. For those deploying IoT systems, hardware security and authentication are critical measures. Likewise, for operators, keeping systems up to date, mitigating malware, auditing, protecting infrastructure and safeguarding credentials are key. With any IoT deployment, it's critical to weigh the cost of security against the risks prior to installation, however.

IoT endpoints have emerged as top targets for cybercriminals. Discover the top 12 IoT security threats and how to prioritize them.

07 Aug 2023

All Rights Reserved, Copyright 2005 - 2024, TechTarget | Read our Privacy Statement