This is the era of the Internet of Things (IoT), where digitally connected devices are intruding on every aspect of our lives, including our homes, offices, cars and even our bodies. IoT is growing at a dangerously fast pace, that by 2020, the number of active wireless connected devices will exceed 40 billion.
Yet along with the many social, economical and environmental benefits, everyday vulnerabilities in IoT are being exploited with malicious intent. More connected devices mean more attack vectors and more possibilities for hackers to target us.
Researchers found that vulnerabilities in monitoring systems like baby monitoring, pet monitoring etc could be leveraged by hackers, including monitoring live feeds, changing camera settings and authorizing other users to remotely view and control the monitor.
Wearables also can become a source of threat to privacy, as hackers can use the motion sensors embedded in smartwatches to steal information, or they can gather health data from smartwatch apps or health tracker devices. Some of the most worrisome cases of IoT hacks involve medical devices and can have detrimental — perhaps fatal — consequences on patients’ health.
To improve security, an IoT device that needs to be directly accessible over the Internet should be segmented into its own network and have network access restricted. The network segment should then be monitored to identify potential anomalous traffic, and action should be taken if there is a problem.
How to protect IoT data
IoT hardware and software makers need to address the entire lifecycle of a device when designing it in order to remove these vulnerabilities.
Secure booting: When a device is booted up, cryptographically generated digital signatures will be used to authenticate the software on the device. This ensures the software is the version that the owner has authorized and approved.
Access control: Limit what data can be accessed on the device by applications and controls. Then, if a component is compromised, the intruder only limited access to the other parts of the device. This minimizes the scope of data breaches.
Device authentication: Before transmitting or receiving data, devices should authenticate themselves on the networks they are connected to. The machine authentication would input credentials found in secure storage similar to a username and password.
Firewalls: Deep packet inspection and firewalls will help manage traffic that terminates at the device. Industry-specific protocols can be used to identify malicious threats from non-IoT protocols.
Updates and patches: Operators need to be able to send out updates in a way that doesn’t impair device security. This must also take into consideration limited connectivity and bandwidth.
With the growth of IoT in the coming years, it’s vital that the necessary security measures grow along with it. It’s also important that consumers are aware of potential security threats so they can protect their data in the best way possible.