The wide adoption of IoT technology is creating additional risks for users
The global IoT market continues to grow, according to a report published by Fortune Business Insights. Its size was USD 308.97 billion in 2020 and will reach USD 1,854.76 billion in 2028.
Smart devices can interact with each other without any human interaction. This capability is already empowering novel business models through their involvement in multiple industries.
Unfortunately, the internet of things (IoT) has grown so quickly that cybersecurity requirements were often ignored, in a context that is very complicated due to the lack of industry standardization.
The wide adoption of IoT devices is enlarging the attack surface of organizations and individuals. The massive production of cheap smart objects with limited computational capabilities and multi-connectivity features makes it crucial to assess their hardware and firmware.
A vulnerability in the software running in a smart meter or a smart TV could open the doors to a large-scale compromise.
In June 2020, researchers from JSOF reported that hundreds of millions of devices worldwide were potentially vulnerable to remote attacks due to 19 critical and high-severity security vulnerabilities in the Treck TCP/IP stack dubbed Ripple20. Treck TCP/IP is a high-performance TCP/IP protocol suite designed for embedded systems.
The zero-day flaws reside in a popular low-level TCP/IP software library developed by Treck, Inc. and used in devices made by more than 100 organizations in various industries.
The flaws could have allowed threat actors to gain remote code execution, carry out denial-of-service (DoS) attacks, and obtain potentially sensitive information.
Vulnerabilities and poor configuration, along with the use of factory settings, can be exploited by threat actors to compromise IoT devices and recruit them into powerful botnets.
In recent years, security firms tracked multiple IoT botnets that were used in various attacks. One of the most popular bots was Mirai. The availability of its source code allowed threat actors to develop their own variants over the years and to include new exploits to extend the audience of potential targets.
In recent months, security experts discovered multiple IoT botnets borrowing the Mirai code, such as:
- Gafgyt botnet (also known as Bashlite) targets vulnerable IoT devices like Huawei routers, Realtek routers, and ASUS devices.
- Muhstik botnet leverages known web application exploits to compromise IoT devices, including GPON home routers, DD-WRT routers, and Tomato routers.
- Moobot botnet spreads by exploiting the CVE-2021-36260 flaw in Hikvision products.
- Mozi P2P botnet also targets Netgear, Huawei, and ZTE devices.
A botnet allows threat actors to monetize their efforts in multiple ways, including cryptomining, conducting DDoS attacks, redirecting traffic, stealing data, distributing ransomware, and sending spam.
When dealing with IoT attacks, it is essential to understand their impact on the ecosystems hosting these smart objects. For example, let’s consider the impact of a cyberattack on IoT devices in the healthcare industry, which could pose serious risks to patients.
A cyberattack against IoT devices employed in industrial systems could interfere with operations of the organizations using them and, in the scariest scenarios, cause the paralysis of activities or loss of human lives.
How to protect IoT devices?
The best way to protect IoT devices is to adopt a Security by Design approach. As remarked by the European Union Agency for Cybersecurity (ENISA), the establishment of secure development guidelines is a fundamental building block for IoT security. The European Agency has released the “Good Practices for Security of IoT” report, which focuses on software development guidelines for achieving security by design. The study proposes how to securely approach every phase of the IoT life cycle, from the collection of the requirements to the maintenance and disposal of these objects.
Experts highlight that using secure Software Development Life Cycle (SDLC) principles helps avoid vulnerabilities in IoT devices.
The US National Institute of Standards and Technology (NIST) also launched a specific program to secure IoT devices and offered recommendations to both federal agencies and private organizations.
NIST released four publications (NIST Special Publication (SP) 800-213 and NIST Interagency Reports (NISTIRs) 8259B, 8259C, and 8259D) to help address challenges raised in the IoT Cybersecurity Improvement Act of 2020.
Along with guidelines provided by cybersecurity agencies, it is important to share a few recommendations to reduce the attack surface:
- Keep the device up to date by applying security patches and updates released by the vendors. Quickly addressing the vulnerabilities in IoT devices can prevent their exploitation. Many of the IoT botnets analyzed by security experts also target older vulnerabilities that are yet to be fixed.
- Change factory settings, because threat actors exploit knowledge of these defaults to take over IoT devices in large-scale campaigns. The creation of new credentials is the first step in securing IoT devices.
- Use strong and unique passwords to prevent compromise. Password managers can help users create unique and strong passwords.
- Adopt proactive approaches in addressing Wi-Fi security. Simple suggestions include the adoption of WPA2 security protocol, disabling WPS, and enabling a strong password for Wi-Fi access.
- Apply network segmentation to prevent the spread of threats in case of device compromise and quickly isolate infected systems to avoid lateral movements of the attackers.
- Adopt security solutions and tools specifically designed to protect IoT devices, such as security software that provides multi-layered protection and endpoint encryption. These defense solutions monitor baseline network and device behavior to quickly identify attack patterns that cause deviations from it.
- Carefully analyze the different protocols used by IoT devices in a network. Smart devices support multiple protocols for communications (Bluetooth, NFC, nRF24, LoRa, and optical and infrared communication). Some of them are known to be vulnerable to cyberattacks due to the presence of known issues. Knowledge of the issues affecting the chosen protocol could help administrators in securing the overall environment.
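Several of the recommendations above can be checked automatically against a device inventory. The following is an added example, not part of the original article: the inventory records, field names, finding labels and the 10.0.20.0/24 IoT segment are constructed assumptions, and WPA3 is accepted as meeting the WPA2 baseline the list names.

```python
# Added example: audit a device inventory against the recommendations above.
# All records, field names and addresses are constructed for illustration.
from ipaddress import ip_address, ip_network

INVENTORY = [  # constructed sample data
    {"name": "cam-lobby", "kind": "iot", "ip": "10.0.20.11", "fw": "5.5.0",
     "fw_latest": "5.5.800", "default_creds": True, "wifi": "WPA2", "wps": False},
    {"name": "smart-tv", "kind": "iot", "ip": "10.0.1.40", "fw": "2.1.3",
     "fw_latest": "2.1.3", "default_creds": False, "wifi": "WPA", "wps": True},
    {"name": "meter-7", "kind": "iot", "ip": "10.0.20.12", "fw": "1.10.0",
     "fw_latest": "1.9.4", "default_creds": False, "wifi": None, "wps": False},
    {"name": "hr-laptop", "kind": "workstation", "ip": "10.0.1.15"},
]
IOT_SEGMENTS = [ip_network("10.0.20.0/24")]  # assumed dedicated IoT VLAN


def version_tuple(v):
    """Parse dotted versions numerically so that 1.10.0 sorts above 1.9.4."""
    return tuple(int(p) for p in v.split("."))


def audit(inventory, iot_segments):
    """Return (device, finding) pairs for every IoT device that fails a check."""
    findings = []
    for d in (d for d in inventory if d["kind"] == "iot"):
        # Patching: installed firmware older than the vendor's latest release.
        if version_tuple(d["fw"]) < version_tuple(d["fw_latest"]):
            findings.append((d["name"], "firmware-outdated"))
        # Factory settings: default credentials were never replaced.
        if d["default_creds"]:
            findings.append((d["name"], "factory-credentials"))
        # Wi-Fi: wired devices (wifi=None) have nothing to check here.
        if d["wifi"] is not None:
            if d["wifi"] not in ("WPA2", "WPA3"):
                findings.append((d["name"], "weak-wifi-protocol"))
            if d["wps"]:
                findings.append((d["name"], "wps-enabled"))
        # Segmentation: IoT device sits outside every dedicated IoT segment.
        if not any(ip_address(d["ip"]) in net for net in iot_segments):
            findings.append((d["name"], "not-segmented"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(INVENTORY, IOT_SEGMENTS):
        print(f"{name}: {issue}")
```
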
The Internet of Things (IoT) is going to increase the efficiency of almost any industry, but it is also enlarging the attack surface. For this reason, it is essential to address existing risks and adopt security measures to prevent future incidents.
IoT technology continues to evolve, and security requirements must be a pillar for future applications.