IoT Security - What, Why and How - Internet of Things

IoT Security - What, Why and How - Internet of Things

. 5 min read

IoT Security is a key factor to implement in today’s world. The amount of IoT devices in today’s world is just overwhelming. Everywhere we go, we see an IoT device being used. For example Home automation systems, CCTV cameras, mobile phones and etc. This is a good thing, as it shows that we are evolving. But with the good also comes bad. Just take a look at Jason’s lifestyle below and you will understand what I am talking about.

One day, Jason came back home from work in the evening. His wife and kids were out and he didn’t have a key to get in. But it didn’t matter because he could unlock the door with an app on his phone. The lock was powered by a Bluetooth chip, which needed a handshake with the phone with a specific passkey, to let the person through. He went in and the light turned on automatically to the perfect ambience, remembering his daily usage pattern and footsteps.

[![Why IoT Security is required](https://blog.attify.com/content/images/2017/06/2340.png)](https://blog.attify.com/content/images/2017/06/2340.png)Internet of Things Security
*(Image *source:* http://www.internetofmorethings.com/)*

Needless to say, the air conditioner, TV and other appliances followed the same order. Before going to bed, on the press of a button, his toasts were made, as the toaster’s settings were controlled by another app. The lights instinctively went off as he hopped onto his bed, where he had a great sleep.

The next morning at work, he was momentarily worried about the safety of his girl at school, so he opened his phone and checked where she was on maps thanks to the chip in her school bag. She was in school, or so the maps showed. Later in the evening, he got a call from an unknown number. They had taken her daughter. And technology didn’t help. They wanted to strong-arm him into signing a new deal that benefited a rival company more. They were smart enough to bypass security and find out where his daughter was, and left the bag in school and took the kid.

One week later, Jason comes back home after work again to a locked door. But this time, his passkey doesn’t work. The door lock has been hacked, and the hacker demands $200 to let him in. What does he do? He pays and goes in, only to find himself in the dark as lights refuse to switch on. There is a notification on his app demanding $10 per light bulb in his home for that night, and there is no way he could get through without paying the money. Jason panics. He doesn’t know what else has been compromised. Probably his bank account, which he controls with a swipe on his phone? Or his and his family’s daily movements?

The stakes in the above scenarios are relatively low compared to if the same thing had happened to a corporate? Take the below situation:

There’s a company that manufactures door locks that can be opened via Bluetooth/RFID and passcode. They’ve completed manufacturing and have started shipping their products, thanks to a huge spike in orders. They get a message one evening, that there is a serious flaw in the security component of their product, and they are one attack away from being hacked. The hackers hold them ransom now sitting thousands of miles away and demand significant amounts of money.

[![Internet of Things and Smart Devices](https://blog.attify.com/content/images/2017/06/AAEAAQAAAAAAAAT3AAAAJDQxMDk1YWIwLTA3MWYtNGIxNC1iMmYwLWFhZWU2MDYxM2JiNw.jpg)](https://blog.attify.com/content/images/2017/06/AAEAAQAAAAAAAAT3AAAAJDQxMDk1YWIwLTA3MWYtNGIxNC1iMmYwLWFhZWU2MDYxM2JiNw.jpg)Internet of Things and Smart Devices
(Image source: http://bwdisrupt.businessworld.in/article/Futuristic-Companies-Seeking-IOT-Innovations/14-06-2016-99133/)

The above scenarios are serious issues that can become commonplace in the future. Internet of Things, or IoT as it is commonly known, is the next big thing. Internet of Things is the concept by which every gadget you hold is connected to the internet, and can be controlled by another device, either remotely or when you’re next to it. The whole world is doting on it. They could make your life simpler in so many ways. But what most people don’t realise is that the risks are equally high. The probability your IoT device can be hacked is very high.

The chief of NSA’s Tailored Access Operations unit has come out in the open and said IoT has made life easier for him and his hackers. He also said poor security of such devices is a major concern to the country.

Ransomware is the new thing that’s being talked about a lot, with the WannaCry attacks being the breaking the news. Look ahead a few years, and you’ll find hackers taking control of everything, as all the things we use on a daily basis is going to be connected to the Internet. That’s not a great scenario to be. Nobody wants to get locked in their cars helplessly and paying money to a guy sitting miles away just to get out of it because they opted for self-driven cars. The worst part is, IoT is going to be involved in the day to day devices that we are going to hold for a long time to come. Unlike mobile phones that come and go every two years, cars are going to be held by someone for a decade or so. Would you want to compromise on the security something like a personal vehicle in which you drive to work every day and take your family members out for dinner?

[![Attacker controlling your IoT devices](https://blog.attify.com/content/images/2017/06/iot-security.jpg)](https://blog.attify.com/content/images/2017/06/iot-security.jpg)Attacker controlling your IoT devices
(Image Source : http://www.hackcave.net/2016/03/hardsploita-framework-to-audit-iot.html)

How to improve the security of your IoT device?

A number of IoT devices have little to no security, and that is why hackers find it easy to penetrate within a matter of minutes. IoT security is non-existent in most devices. There are not much security protocols which have been put in place to protect these devices. As mentioned above, where there is good, there is also bad. But some measures can be taken to improve IoT security of the devices. There are some simple things one can do to beef up their IoT Security. I have listed them below:

  • Change the default username and password, and don’t share these details with anyone.
  • Do install all the security updates.
  • Don’t connect to any open networks.
  • Refrain from using used or refurbished products because there will be a high chance of a virus implanted.
  • Don’t buy from untrusted sources. Make sure it is reliable.
  • Turn off the devices when not in use.

IoT Security is a crucial component of anything electronic or connected to the internet. And before jumping into something life changing, we should be well aware of the consequences.

About Attify – the IoT Security firm

We at Attify help companies secure their valuable data and make sure that their devices can never be hacked. You can learn more about our IoT penetration testing services here: https://www.attify.com/iot-security-pentesting/.

We believe these are the 7 most critical IoT security vulnerabilities:  http://attify.co/iotguide – a pdf that we have put together for helping companies build better and secure devices and to focus on IoT Security.

What according to you is the “Chink in One’s Armour ”? Do let us know.

hacking smart devicesinternet of thingsIoT Exploitationiot hackingiot pentestiot pentestingiot securityiot security trainingpenetration testing

Attify Team

IoT Security and Penetration Testing

Recent Posts

Fuzzing IoT binaries with AFL++ - Part II

Fuzzing IoT binaries with AFL++ - Part I

To Boot Or Not To Boot – Practical Attack Vector

To Boot Or Not To Boot – Das U-Boot

To Boot Or Not To Boot

You Might Be Interested In

appsec usa

Offensive IoT Exploitation training - Q4 2017

android security

Protecting Your Internet of Things- The Ultimate Security and Privacy Guidelines

iot attacks

The Most Frightful Internet of Things Attacks Of All Time