The shape of things to come
A growing number of physical household and business objects today have a wealth of sensors, software and processing capabilities that connect to like-minded devices and exchange data with additional systems over the Internet or over networks. These objects and devices have quickly become the norm and are a growing and evolving part of our daily business and smart home operations.
The advent of global 5G networks has an exponential means Rise of connected devices. In recent years, voice-activated lighting and entertainment, urban infrastructure sensors, human-wearable biometrics, home appliances, family vehicles, building heating, building security, and even smart pacemakers have become commonplace in offices, workshops, laboratories, hospitals, and homes. It is predicted that by 2025 there will be a total of 41.6 billion connected IoT devices (I.D.C).
They invariably use a Dynamic Host Configuration Protocol (DHCP) server and use onboard CPUs, network adapters, and firmware to connect using an IP address. While this increases functionality and integration into the devices we use every day, it also adds vulnerability.
With great power…
All manufacturers now have a responsibility to their customers to provide adequate security for the life of their products. This is a new way of thinking for many manufacturers, and they probably haven’t had to deal with the implications of a cybersecurity breach before. For some countries where manufacturing costs are inherently lower and development processes are more ad hoc, this is an entirely new concept.
While black hat hackers targeting our old printers, smart water bottles, refrigerators, or toothbrushes might not sound too worrisome, sometimes these are nodes on a network that can then be used to access more important devices. Access to other devices means they may also gain access to other systems – and consequently critical infrastructure and data. They can also be used as part of a botnet farm of internet-connected devices co-opted to: DDoS attack, by pinging other devices as smaller parts of a single attacking entity. Yes, IoT devices could be turned on and off or put into other operating configurations, but that benign old printer in the corner could also be eating up valuable bandwidth and resources, or that outdated IP web camera could be spying on your network activity.
Of even greater concern is when the same hackers come for our streetlights, medical devices, mobile communications devices, or autonomous vehicles. Without protection, there could be dangerous repercussions in the future. There are already millions of connected devices on the market, and many of them need to be made more secure, future-proof, or supported with patches and security updates. Any vulnerable object could lead to a cybersecurity breach – and as a result, a potential legal claim for negligence.
Any IoT (internet of things) product must be available to accommodate future changes in the security landscape. A Increase in computing power and continued growth of AI/machine learning could be major disruptive factors in the coming years, and smart objects need to be able to update themselves when problems arise while being secure when published. Any product safety must exceed any projected product life expectancy. If you measure the life expectancy of some products such as household appliances or commercial vehicles in decades, that’s no small thing.
Don’t be surprised if a new International Organization for Standardization (ISO) standard comes out in the next few years, guaranteeing that all appropriate cybersecurity precautions have been taken for all new smart devices, and don’t be surprised if the public takes notice quickly and it becomes an important part of their purchasing decision-making process.
User education will be important, and device users will need to adopt security best practices, like changing default security passwords and blocking remote access that is not required for a device to operate – by default. To facilitate this, manufacturers can apply mandatory password changes from the default setting, Multi-Factor Authentication (MFA) or a smart password management policy for devices as default.
It will be critical to protect command-and-control (C&C) server centers from compromise attempts and DDoS attacks through usage Firewalls for web applications (WAF) to protect other connected systems and provide edge filtering that prevents authenticated and authorized requests from progressing. runtime protection should also be used to intercept any additional calls made by applications (and associated devices) to external systems to validate data requests within the app and ensure that they are secure regardless of other security practices and development code provenance. RASP also helps in the fight against zero-day attacks by allowing an app to defend itself without the need for patches or signatures.
Any WAF Services and DDoS mitigation solutions must also be equipped with load balancing and failover functionality to avoid the inevitable spikes in traffic that can occur during the release of a new firmware patch.
While it’s important to consider IoT network security, manufacturers also need to address the issue of IoT encryption (which helps mask data transmitted between IoT edge devices and back-end systems, and the same protecting data at rest) and IoT authentication (accommodating multiple device users and providing authentication mechanisms such as static passwords, MFA or biometrics).
Manufacturers are also required to notify users when their devices are running outdated software and initiate version upgrades when necessary. Consideration should also be given to removing remote device access by default unless required for essential device functionality, and a strict API authorization and authentication policy to further support best practices.
Knowing how our IoT devices could be used and exploited in the future is the responsibility of the manufacturer and producer and we need to think about it now to prevent a catastrophe in just a few years. If you are interested in learning more about future-proof IoT devices, please take a look our IoT security overview for more information, and don’t hesitate to get in touch if you’d like to talk more about IoT and the future of device security. It is in everyone’s interest to prevent an Internet of things being compromised.
How can we prevent an Internet of things being compromised? appeared first on blog.
*** This is a syndicated blog from Security Bloggers Network by Blog written by Nik Hewitt. Read the original post at: https://www.imperva.com/blog/the-internet-of-compromised-things/