Security of IoT devices
What are IoT devices?
IoT, or the Internet of Things, are devices which connect to the internet and help with day-to-day tasks, devices can be anything from gimmicks to industrial based systems. Some of the more popular devices are Amazon’s Alexa and Google’s Home. These devices are becoming evermore popular due to making our lives smarter, but at what cost?
Don’t devices come with security by default?
Since the release of the IoT devices over the last several years, devices have come with weak or limited security, which leads to easy compromise. For all the wrong reasons, these devices have been making the news, one of the most famous ones, was someone hacking into a baby monitor.
Devices are still be broken into relatively easily but using simple techniques. Whether its accidently leaving hardcoded credentials in the source code or within the embedded system or having weak verification of input strings or simply not even passing everything over HTTPS.
Its not been until 2019 when cyber security and security best practices have been through about when it comes to IoT, however there is still not enough being done.
Recently there’s been a report about the security of the new 5G that is slowly being pushed out as the new mobile / IoT technology. 5G is currently being scrutinised for possible SIM-swap attacks.
The future of IoT security
According to DBS Bank, which looked at data from IoT research institutions, we will reach 100% market adoption over the next 10 years. It appears that by the end of 2019, we will reach the tipping point between the early adoption and the early majority, where sales and deployment of IoT devices take off at an exponential rate as can be seen in the below diagram.
With the huge uplift in technology and IoT becoming mainstream, manufactures need to make a conservative effort to ensure that security by design is thought about from day one. People should be looking at the design of products and asking themselves, how could someone break into this? They should even be looking to ethical hackers and brining in companies to sanity check the security of their devices and ensuring that all the easy to find vulnerabilities have been removed.
With security at the forefront of many people’s mind and the increasing number of IoT devices which are being hijacked for malicious intent, it’s only a matter of time until something is done. That time may be now, NIST, has recently released a standard on how people can secure IoT devices, this article can be found here: https://www.nist.gov/news-events/news/2019/08/nist-releases-draft-security-feature-recommendations-iot-devices
Summary
If you have an IoT device or are planning on purchasing one in the near future, check the manufactures website, do they have an area on securing or updating their products, can you do this? If this area is missing or hard to find, it may be advisable to avoid that manufacture or device. However, if you do have one, ensure its regularly kept up to date, change any default credentials as soon as you can and always keep it patched.
Through IASME, a IoT Security certification will be available later in 2020, to help certify devices. Stay tuned for more infromation on this initiative.