In the era of digital transformation, Internet of Things (IoT) devices have become an essential part of our daily lives. From smart homes to industrial facilities, IoT devices are connected to the internet and exchange data to automate tasks, provide insights, and enhance productivity. However, the more connected devices we use, the greater the risk of cybersecurity threats.
Therefore, it is crucial to understand the potential security risks and implement effective measures to protect our IoT devices and data. In this article, we will discuss the key aspects of IoT device security and best practices to safeguard your smart world.
When it comes to vulnerable IoT systems, many first think of modern smart devices like digital assistants or smart watches. Yet the greatest risks lie with typically unmanaged IoT devices in the smart building, healthcare, network and VoIP, and operations technology sectors.
A recent study by ForeScout reveals which IoT devices pose particular risks. The data illustrates which devices in which areas of the enterprise pose the greatest risk of compromise. This helps security teams focus on key areas depending on the threat. The time factor plays an important role here, and one that should not be underestimated.
The most vulnerable and critical gateway should be closed especially quickly to prevent cybercriminals from penetrating one’s network. But what are the 10 biggest gateways?
To determine the highest-risk device features, it makes sense to first determine an individual risk score for each device. The following figure illustrates the top 10 riskiest device types in select industries, highlighting ones that IT security teams should take a closer look at. In the figure, device functions are grouped as follows:
- Smart building devices include HVAC systems, IP cameras, physical access control, emergency communications systems, and lighting.
- Healthcare devices include HL7 gateways, Picture Archiving and Communication System (PACS) archives, radiation therapy systems, radiology workstations, and sterilization.
- Network and VoIP devices include network management, firewalls, out-of-band controllers, routers or switches, VoIP servers, serial-to-IP converters, and wireless access points.
- Operational devices include UPS, PLCs, and robots.
- Other IoT devices include printers, video conferencing, pneumatic tube systems, point of sale (POS), and network-connected warehouses.
Most of these device types are waiting with many open ports, connections, and vulnerabilities. With the exception of network devices, all types are primarily unmanaged devices. Although typical IT workstations are not included in the listing due to hardware/software fragmentation, they are still among the most important entry points in the enterprise network.
Attacks exploiting these workstations typically begin with phishing, malicious emails, or infected websites. This is followed by lateral movement within the Active Directory domain.
Contents
- What is IoT and IoT Devices Security Challenges?
- Common Threats to IoT Devices
- IoT Device Security Best Practices
- Top 10 riskiest IoT devices.
- Frequently Asked Questions
- What is an IoT device?
- What are the security risks of IoT devices?
- How can I protect my IoT devices from security threats?
- Why are default passwords a security risk for IoT devices?
- What is network segmentation, and why is it important for IoT security?
- What is encryption, and why is it important for IoT security?
- What are the benefits of IoT devices?
- What is the future of IoT security?
- Who is responsible for IoT security?
- How can I stay informed about IoT security?
- Conclusion
What is IoT and IoT Devices Security Challenges?
IoT refers to a network of physical devices, vehicles, home appliances, and other items that are embedded with sensors, software, and connectivity to exchange data over the internet. The IoT ecosystem includes a wide range of devices, such as smart speakers, thermostats, cameras, wearables, industrial sensors, and more.
While IoT devices bring convenience and efficiency to our lives, they also pose significant security challenges.
IoT devices have unique security vulnerabilities that make them attractive targets for cybercriminals. Unlike traditional computers and servers, IoT devices are often designed with limited computing power, memory, and storage, making them less capable of running robust security software.
Moreover, IoT devices are distributed across different locations, networks, and protocols, creating a complex attack surface for hackers. Additionally, IoT devices are often deployed in critical infrastructure and sensitive areas, such as healthcare, energy, transportation, and finance, which makes their security essential for public safety and privacy.
Common Threats to IoT Devices
IoT devices are vulnerable to various types of security threats, including:
Malware and Ransomware
Malware is malicious software that is designed to infiltrate and damage a computer system. Ransomware is a type of malware that encrypts the victim’s data and demands payment in exchange for the decryption key. IoT devices can be infected with malware and ransomware through various attack vectors, such as phishing emails, malicious websites, unsecured networks, and infected USB drives.
Once infected, IoT devices can become part of a botnet, a network of compromised devices that can be controlled by hackers to launch large-scale attacks.
DDoS Attacks
Distributed Denial of Service (DDoS) attacks are a type of cyber attack that floods a network or server with traffic, causing it to crash or become unavailable. IoT devices can be used as botnets to launch DDoS attacks, as they are often poorly secured and have weak default passwords. For example, the Mirai botnet, which caused a massive DDoS attack in 2016, exploited security vulnerabilities in IoT devices, such as IP cameras and routers.
Man-in-the-Middle Attacks
Man-in-the-Middle (MitM) attacks are a type of cyber attack that intercepts the communication between two parties and alters it without their knowledge. IoT devices that communicate over unsecured networks, such as Wi-Fi or Bluetooth, are vulnerable to MitM attacks. Hackers can intercept the data exchanged between the IoT device and the server, steal sensitive information, or inject malicious code.
Physical Attacks
IoT devices can also be vulnerable to physical attacks, such as theft, tampering, or destruction. Physical attacks can compromise the confidentiality, integrity, and availability of IoT devices and data.
For example, a hacker could steal an IoT device to extract sensitive data or install malware, or tamper with the device to modify its functionality or settings.
Physical security measures, such as locks, alarms, and surveillance cameras, can help mitigate the risk of physical attacks.
IoT Device Security Best Practices
To protect your IoT devices and data from security threats, you should follow these best practices:
Secure Passwords and Authentication
IoT devices often come with default passwords that are easy to guess or crack. Therefore, you should change the default passwords and use strong, unique passwords for each device. Moreover, you should enable two-factor authentication (2FA) or multi-factor authentication (MFA) to add an extra layer of security to your devices.
2FA and MFA require a user to provide two or more pieces of evidence, such as a password and a fingerprint or a code sent to a phone, to access the device.
Regular Software Updates and Patches
IoT devices may have software vulnerabilities that can be exploited by hackers. Therefore, you should regularly check for software updates and patches released by the device manufacturer or vendor and install them promptly. Software updates and patches can fix security vulnerabilities, improve device performance, and add new features.
However, you should also be careful to download updates and patches from trusted sources and avoid downloading them from unknown or suspicious websites.
Network Segmentation and Firewalls
You should segment your network to separate IoT devices from other devices and services, such as computers, smartphones, and servers. Network segmentation can limit the attack surface and prevent the spread of malware and other threats to other devices.
Moreover, you should use firewalls to control the incoming and outgoing traffic of your IoT devices and block unauthorized access. Firewalls can also monitor the network activity of your IoT devices and alert you to suspicious behavior.
Encryption of Data and Communication
You should encrypt the data and communication of your IoT devices to prevent eavesdropping and data theft. Encryption can scramble the data and make it unreadable to unauthorized users. Moreover, you should use secure communication protocols, such as HTTPS, SSL/TLS, and SSH, to encrypt the data transmission between your IoT devices and servers.
Secure communication protocols can also prevent MitM attacks and other types of interception.
Physical Security Measures
You should implement physical security measures to protect your IoT devices from theft, tampering, or destruction. Physical security measures can include locks, alarms, surveillance cameras, and access control.
Also, you should keep your IoT devices in secure locations, such as locked cabinets or rooms, and avoid leaving them in public or unattended areas.
Future of IoT Security
The future of IoT security is evolving with the advancements in technology and the increasing adoption of IoT devices. The security challenges of IoT devices are becoming more complex and diverse, as new types of devices and services are being added to the IoT ecosystem.
Therefore, the security of IoT devices will require a holistic approach that addresses the hardware, software, and network layers. Moreover, the collaboration between stakeholders, such as device manufacturers, service providers, and regulators, will be essential to establish standards, guidelines, and best practices for IoT security.
Top 10 riskiest IoT devices.
In addition to analyzing the risk level of device groups, as well as their distribution within industries, Forescout Research Labs measured the risk posed by specific device features and types.
The figure illustrates the ten highest-risk device classes. While they are far from the only classes that should be monitored by security teams, they are certainly among the most important. It should be noted that all of these devices are typically unmanaged.
1. Physical access control solutions
These devices are used to open or close door locks with authorized credentials. In the research, it was found that they are often configured with open ports (including Telnet port 23), connected to other risky devices, and contain serious reported vulnerabilities.
2. HVAC systems
Found that heating, ventilation, air conditioning (HVAC) devices were also configured with critical open ports (including Telnet) and connected to other risky devices, as well as containing some critical vulnerabilities that could allow a complete takeover of a device (CVE-2015-2867 and CVE-2015-2868).
3. Network cameras
Investigated IP cameras have dozens of serious vulnerabilities (e.g., CVE-2018-10660). They are usually configured with critical ports such as SSH port 22 and FTP.
4. PLC/PLC
The programmable logic controllers (PLCs) identified here have serious vulnerabilities (for example, CVE-2018-16561). Their potential impact is very high because PLCs control critical industrial processes. (The infamous Stuxnet malware, for example, targeted S7 systems used for uranium enrichment.) Nevertheless, these devices are ranked lower than the first three because they have fewer open ports and lower connectivity in the sample.
5. Radiotherapy systems
No vulnerabilities have been reported for these devices, but they have been found to be configured with many open critical ports (including telnet) and connectivity to other risky medical devices. The impact of the exploitation of these devices is inherently high.
6. Out-of-band controller
This refers to an out-of-band controller for servers that are integrated into the motherboard and provide an interface for managing and monitoring the server hardware. It contains its own processor, memory, network connection, and access to the system bus. Relevant vulnerabilities were found in these devices, such as CVE-2015-7272, which can be exploited via SSH (port 22 was open in all of these devices in the dataset) to achieve a denial of service attack, and CVE-2019-13131, which can be exploited via SNMP (port 161 was open in most iDRAC devices in the dataset) to achieve remote code execution.
7. Radiology workstations
This workstation is commonly connected to many peripheral systems in healthcare facilities, such as radiology information systems, PACS, electronic medical records, and more. In the case of radiation therapy systems, there are no reported vulnerabilities. However, these devices have been found to be configured with many open critical ports and connectivity to risky devices. The exploitation impact is also very high as it is a workstation where common attacker tools can be easily adapted to achieve persistence or pivot within a healthcare network.
8. Picture archiving and communication systems (PACS)
PACS are medical imaging systems that enable the storage, retrieval, management, distribution, and presentation of medical images. The research found vulnerabilities in these systems (for example, CVE-2017-14008 and CVE-2018-14789). Because of their place in the network and their application context, they have a similar risk profile to other medical devices in the research sample.
9. Wireless access points
These contain many critical vulnerabilities, including CVE-2017-3831 and CVE-2019-15261, and are often associated with multiple risky guest devices.
10. Network management cards
These contain many critical vulnerabilities. The cards are used to remotely monitor and control individual UPS devices. In addition to the presence of known vulnerabilities (for example, CVE-2018-7820), high connectivity, and open ports, these devices have the interesting ability to support BACnet/IP and Modbus/TCP protocols, again highlighting the convergence of smart building technology with IT infrastructure.
Frequently Asked Questions
What is an IoT device?
An IoT device is a physical device that connects to the internet and can transmit and receive data. Examples of IoT devices include smart home devices, wearables, industrial sensors, and connected vehicles.
What are the security risks of IoT devices?
IoT devices can be vulnerable to various security threats, such as malware, hacking, phishing, physical attacks, and data breaches. These threats can compromise the confidentiality, integrity, and availability of IoT devices and data.
How can I protect my IoT devices from security threats?
To protect your IoT devices from security threats, you should follow best practices, such as using secure passwords and authentication, regular software updates and patches, network segmentation and firewalls, encryption of data and communication, and physical security measures.
Why are default passwords a security risk for IoT devices?
Default passwords are a security risk for IoT devices because they are often easy to guess or crack, and many users do not change them. Hackers can use default passwords to gain unauthorized access to IoT devices and data.
What is network segmentation, and why is it important for IoT security?
Network segmentation is the process of dividing a network into smaller subnetworks to limit the attack surface and prevent the spread of malware and other threats. Network segmentation is important for IoT security because it can isolate IoT devices from other devices and services and reduce the risk of lateral movement and compromise.
What is encryption, and why is it important for IoT security?
Encryption is the process of converting plaintext data into ciphertext to protect it from unauthorized access. Encryption is important for IoT security because it can prevent eavesdropping, data theft, and other types of attacks that target the data and communication of IoT devices.
What are the benefits of IoT devices?
IoT devices offer many benefits, such as convenience, efficiency, automation, and cost savings. IoT devices can enhance our daily lives by providing smart solutions for home, work, and leisure activities.
What is the future of IoT security?
The future of IoT security is evolving with the advancements in technology and the increasing adoption of IoT devices. The security challenges of IoT devices are becoming more complex and diverse, as new types of devices and services are being added to the IoT ecosystem. Therefore, the security of IoT devices will require a holistic approach that addresses the hardware, software, and network layers.
Who is responsible for IoT security?
The responsibility for IoT security is shared among various stakeholders, such as device manufacturers, service providers, and end-users. Each stakeholder has a role to play in ensuring the security of IoT devices and data.
How can I stay informed about IoT security?
You can stay informed about IoT security by following the latest security trends and updates, reading security blogs and articles, attending security conferences and webinars, and consulting with security experts and professionals. It is important to stay proactive and take measures to protect your IoT devices and data.
–
IoT devices offer many benefits, but they also pose significant security risks. By following best practices, such as using secure passwords and authentication, regular software updates and patches, network segmentation and firewalls, encryption of data and communication, and physical security measures, you can mitigate the risk of security threats and enjoy the benefits of IoT devices. Remember to stay informed and proactive about IoT security to protect your smart world.
Conclusion
IoT devices have become an integral part of our daily lives, but they also pose significant security risks. To protect your smart world, you should follow the best practices of IoT device security, such as using secure passwords and authentication, regular software updates and patches, network segmentation and firewalls, encryption of data and communication, and physical security measures.
By implementing these measures, you can mitigate the risk of security threats and enjoy the benefits of IoT devices without compromising your privacy and security. However, the future of IoT security is constantly evolving, and new threats and challenges will emerge as the IoT ecosystem expands.
Therefore, it is important to stay informed about the latest security trends and updates and take proactive measures to protect your IoT devices and data.
Information Security Asia is the go-to website for the latest cybersecurity and tech news in various sectors. Our expert writers provide insights and analysis that you can trust, so you can stay ahead of the curve and protect your business. Whether you are a small business, an enterprise or even a government agency, we have the latest updates and advice for all aspects of cybersecurity.