Internet of Things :Is It Secure Enough?

Internet of Things :Is It Secure Enough?

Hey everyone! Being a tech lover, innovations always becharm me. We are living in an era where innovations and advancement rule the world. Every day we come across a new excogitation, a new technique that in some or the other way which will make a revolutionary change in our lifestyle. Internet of things is one among such innovations. The concept of connecting the whole world is just awesome! We have lived our past without them but we have become so addicted to it that thinking of the future without its presence is just impossible.

You all may be aware or at least have had heard about the name: IoT. ok so let me explain it in a bit detail . Internet of Things (IoT) is a  device which can be connected to the  internet , having its own unique address(IP address) and has the ability to transfer data over the internet.And importantly it does not require any human intervention,as it all works with the help of sensors. You can  imagine of any device which can be connected over the internet to become an IoT. Seems cool?

An IoT basically consists of sensors and actuactors. The role of sensors is to generate data and actuators helps in the transmission of data( connects with the server).

Here a question arises , why iot?

IoT is an advancement in embedded computer technologies. With the increasing need of automation, we require devices that are meant for specific tasks. And for this installing a computer may not be affordable and also will require high computational power to work on. The reason why iot is so popular is the low cost, low computational power, simple design, increased efficiency.

IoT finds a wide range of applications in our day to day lives. the concept of smart cities , smart homes(smart garage, smart toaster) is today a reality just because of iot. other popular examples are the smart grid, connected cars ( a feature which has proven very useful in the deflation of the accidents which occurred due to  sudden variation in speeds).Iot also finds application in agriculture where it helps in finding the moisture in  the soil. In health care there have being great innovations such as pacemaker which is implanted in the human body and gives every pumping detail of heart to the doctor.

The data which is generated by the sensors of the devices pass via gateway to the data centres where big  data analytics take place in order to give a better user experience.

IoT has made live so easy to some extent , but yes it is rightly said ,”everything has its cons and pros “. And the biggest problem of using an IoT device is the security issues. With the advent of digitization , security has become a matter of concern. When every activity of ours is recorded by something ,maintaining the privacy of user is of utmost importance. But these devices are so vulnerable that in past few years they have been an active participants in DDoS (distributed denial of service) attacks (one such case is the mirai botnet , where the malware known as mirai was used to infect 1 lakhs of IoT ,which brought down twitter server for a day). And the case was so extreme that there were more  IoT botnets instead of PC botnets.

The security challenges faced by most IoT devices

They have a low level of encryption, they work on different ports, mostly don’t contain inbuilt firewalls, work on outdated firmware, most of them have poor physical security( can be dismantled to gain access over the memory) , the problem of account enumeration, lack layered security( 2 factor authentication), a user using default passwords for their devices.

The lack of these security features and the target of the manufacturers to manufacture cheap devices(overlook the security aspects) leads to exploitation of devices by hackers who usually bypass the flaws by privilege escalation , brute force attacks, open ports via UPnP (Universal Plug and Play) attacks, buffer overflow attacks.

We usually deploy our Iot’s on the cloud based platforms for transmission and acquisition of data generated by the sensors. Even if the device is fully secured ,the place where it is being deployed  should be absolutely secure ,because data leakage from the datacentres  can  lead to   compromise of the device exposing the sensitive information or even cause the device to malfunction.

What can we do to enhance the security aspect of the IoT?

The security should start from the point when the plug is on. the system should check for the authentication of the software which is running on the device. There should be strong encryption protocols .RSA (Rivest Shamir Aldeman) algorithm is one of the best examples which uses the concept that it is impossible to factor 100-200 digit number. Elliptic curve based encryption and big box can be other good examples. There should be a inbuilt firewall(enforces policies) in every device which offers packet filtering so that at least packets from unknown sources don’t reach/harm your device. one other way to secure devices can be to isolate sensors and other permissive devices on a virtual LAN. Companies should go for bug bounty programs as they are the best way to find loop holes.

Other interesting feature would be to enable role based access control . In this, every component of the device is assigned some resources to generate a particular data. Even if the hacker by some means gain access to any of the component of the device, he would not be able to control the whole device as all the resources were not allotted to each and every component. As a responsible citizen don’t concentrate on buying cheap products rather focus on buying quality products.

Future is IoT. But an increasing number of these devices will require connection of a number of sensors, gateways, routers which may become unaffordable. Therefore open source would play a crucial role in the deployment. It will promote the velocity of innovation and easy exploration and experimentation.

PS: This port is moved from an old domain(techishot.wordpress.com)

+2

shreyapohekar

I am Shreya Pohekar. I love to build and break stuff. Currently, I'm working as iOS and angular developer. I am also a contributor to CodeVigilant project. My blogs are focused on Infosec and Dev and its how to's.

Leave a Reply