The market for IoT is set to rise to around €250 million in Europe by the end of 2020. However, this increase in the popularity of IoT devices, which in turn has led to an increase in the usage of IoT app development, also comes with its share of issues and challenges.
Manufacturers are out there competing with one another on who can get the best and latest devices out to the consumer first. But while they are doing that, they’re not giving enough time and consideration to the security implications associated with management and data access, as well as the actual device itself.
Thus, of all the security challenges out there, what are the ones that must be paid the most attention to?
1. IoT Security Issues With Update Management
One very huge security risk associated with IoT devices, is the insecurity in firmware and software. Although the manufacturer would typically sell their devices with the latest firmware and/or software, vulnerabilities are always being discovered, which means at some point, that device will become highly susceptible to hackers.
It's for this reason why updates are so important, as they maintain the long term security of the IoT device. However, in order for this to work effectively, new updates must be released, as soon as possible. Still, when you compare IoT devices to computers and smartphones, which receive updates on a regular basis, which in most cases is automated, these IoT devices are found wanting.
Another issue associated with update management is that, while an IoT device is being updated, there’s the potential possibility of the device itself, suffer some downtime, at least for the duration of the update. During this period, the device would naturally become vulnerable, to both malicious files and hackers, so that’s something to think about.
2. Brute-Force Attacks and Default Passwords
The largest and most distributive of DDoS attacks typically use the Mirai botnet. This particular attack pattern is aimed primarily at shipped devices that use their default passwords. This is why it’s so important manufacturers warn their customers to change their passwords, the moment they receive the device.
Delving deeper, I have found that there are some reports that advice manufactures not to sell IoT devices that come with your typical ‘Admin’ ‘Password’ user login credentials.
However, there are no fixed laws that say such companies must do these things, ultimately it’s at the discretion of the manufacturer. This is why such a thing should be made law.
An IoT device that comes with weak login details and credentials, immediately becomes vulnerable to brute-force attacks, from the very moment that you turn the device on.
The main reason why the Mirai malware was as successful as it was, is because it preyed on this reality, by singling out those IoT devices that use weak login credentials in order to infiltrate them.
So, in short, any company that acquires an IoT device and doesn’t take the appropriate steps to change its default credentials, is immediately placing that business and its assets at risk to hackers who deploy brute-force attacks.
3. Botnet Attacks
An IoT device that is infected with malware, poses only a small threat, simply because it’s just one device, but when you have a collection of infected IoT devices that’s when the real trouble starts. In order to carry out a botnet attack, the hacker must create hundreds or thousands of little bots that infect the target using malicious files, which direct it to send out thousands of requests, this in turn ends up bringing down the device, network, system, etc.
The Mirai bot attack, which I previously mentioned, is what caused most of the concern centred on these kinds of attacks. These DDoS attacks however, work by using hundreds, even thousands of different home routers, IP cameras, NAS, all infected with the same malicious file, directed to bring down a specific DNS, which may be providing service to a notable platform like Netflix or Twitter.
The main issues with IoT devices is that they are highly vulnerable to malicious attacks. This is because, they are not regularly updated with the latest security patches, like our computer systems. As a result, over time they become infected with many different virus files, which results in them becoming virus hubs in waiting, for when they can be used to carry out the bidding of the hacker.
What makes it even worse is that botnets are capable of posing a threat to manufacturing plants, electric grids, water treatment plants, transportation systems, and many more, all of which large groups of people depend upon. For example, hackers could create a nation-wide blackout, by trigging a heating and cooling issue, resulting in temperature spikes on the national grid.
Manufacturers are out there competing with one another on who can get the best and latest devices out to the consumer first. But while they are doing that, they’re not giving enough time and consideration to the security implications associated with management and data access, as well as the actual device itself.
Thus, of all the security challenges out there, what are the ones that must be paid the most attention to?
1. IoT Security Issues With Update Management
One very huge security risk associated with IoT devices, is the insecurity in firmware and software. Although the manufacturer would typically sell their devices with the latest firmware and/or software, vulnerabilities are always being discovered, which means at some point, that device will become highly susceptible to hackers.
It's for this reason why updates are so important, as they maintain the long term security of the IoT device. However, in order for this to work effectively, new updates must be released, as soon as possible. Still, when you compare IoT devices to computers and smartphones, which receive updates on a regular basis, which in most cases is automated, these IoT devices are found wanting.
Another issue associated with update management is that, while an IoT device is being updated, there’s the potential possibility of the device itself, suffer some downtime, at least for the duration of the update. During this period, the device would naturally become vulnerable, to both malicious files and hackers, so that’s something to think about.
2. Brute-Force Attacks and Default Passwords
The largest and most distributive of DDoS attacks typically use the Mirai botnet. This particular attack pattern is aimed primarily at shipped devices that use their default passwords. This is why it’s so important manufacturers warn their customers to change their passwords, the moment they receive the device.
Delving deeper, I have found that there are some reports that advice manufactures not to sell IoT devices that come with your typical ‘Admin’ ‘Password’ user login credentials.
However, there are no fixed laws that say such companies must do these things, ultimately it’s at the discretion of the manufacturer. This is why such a thing should be made law.
An IoT device that comes with weak login details and credentials, immediately becomes vulnerable to brute-force attacks, from the very moment that you turn the device on.
The main reason why the Mirai malware was as successful as it was, is because it preyed on this reality, by singling out those IoT devices that use weak login credentials in order to infiltrate them.
So, in short, any company that acquires an IoT device and doesn’t take the appropriate steps to change its default credentials, is immediately placing that business and its assets at risk to hackers who deploy brute-force attacks.
3. Botnet Attacks
An IoT device that is infected with malware, poses only a small threat, simply because it’s just one device, but when you have a collection of infected IoT devices that’s when the real trouble starts. In order to carry out a botnet attack, the hacker must create hundreds or thousands of little bots that infect the target using malicious files, which direct it to send out thousands of requests, this in turn ends up bringing down the device, network, system, etc.
The Mirai bot attack, which I previously mentioned, is what caused most of the concern centred on these kinds of attacks. These DDoS attacks however, work by using hundreds, even thousands of different home routers, IP cameras, NAS, all infected with the same malicious file, directed to bring down a specific DNS, which may be providing service to a notable platform like Netflix or Twitter.
The main issues with IoT devices is that they are highly vulnerable to malicious attacks. This is because, they are not regularly updated with the latest security patches, like our computer systems. As a result, over time they become infected with many different virus files, which results in them becoming virus hubs in waiting, for when they can be used to carry out the bidding of the hacker.
What makes it even worse is that botnets are capable of posing a threat to manufacturing plants, electric grids, water treatment plants, transportation systems, and many more, all of which large groups of people depend upon. For example, hackers could create a nation-wide blackout, by trigging a heating and cooling issue, resulting in temperature spikes on the national grid.
Warning ⚠
TechyBarn Blog and its contents are protected by COPYRIGHT LAW (DMCA) with high-priority response rate. Reproduction without permission or due credit link back will cause your article(s) to be removed from search engines and disappearance of Ads on that page if monetized with Adsense.
Copy the link below and Share with your Friends:
| Article Name | Top 3 Biggest IoT Security Issues Today |
| Description |
|
| Author Name | OKORO IFEANYI |
| Published On | December 04, 2019 |
| Post Category |
Tech
|
Download Our Official Android App on Google Playstore HERE
OR
Download from another source HERE
Join our Active Telegram Group chat for latest updates - Click to Join
Get Our Free Browsing Tweaks via Sms. Kindly sms Follow Techybarnblog to 40404. On Any Network And Sms is free.
OR
Download from another source HERE
Join our Active Telegram Group chat for latest updates - Click to Join
Get Our Free Browsing Tweaks via Sms. Kindly sms Follow Techybarnblog to 40404. On Any Network And Sms is free.
About Techy BarnTechy Barn Is A Top Tech Blog That Provides Free And Cheap Browsing Cheats On Mtn, Etisalat, 9mobile, Glo And Airtel, Latest Phone And PC Updates, Tweaking Guides And Tech News.
No comments:
After dropping your comment, keep calm, it may take minutes before it appears after moderation.
You want to get notified when i reply your comment? Kindly tick the "Notify Me" box.