Skip to main content

IoT’s Biggest Challenges : Privacy and Security

Everything today from your mobile to refrigerators to cars are interconnected, which made our life easier. This device collectively called IoT. But they have also created new vulnerabilities for hackers. IoT devices are poised to pervasive in our lives than mobile phones and they have access to sensitive personal data may be your credit card number, banking information and many more. As number of IoT devices constantly increase, security risk also increases. Device manufacture’s doesn't care much regarding device security and consumer have to suffer may he can be hacked and there may be severe consequences. A single security concerns on single device can cause multiple concerns when considering multiple IoT devices interconnected together.
IoT devices use some form of cloud service and a mobile application use to access and control device remotely. So it’s very important to understand security risk.
Current Scenario :

Security Risks


Privacy Concerns
Many devices collect personal information like name, address, banking information and health information. Data sent from one device to another as all devices are interconnected may be unencrypted so any hacker can sniff your personal information and network misconfiguration can expose data to world via wireless networks. Cloud service is also a privacy concern. Question is of these devices really need personal information to function properly?
Insufficient authentication and authorisation
Hacker can take advantage of weak password poorly protected credentials, insecure password etc. Most of people tends to keep simple password. Component failed to have strong and complex length password. Generally we find passwords like “1234”, “123456” or “admin”. Weak password we configured are also used on cloud websites and on mobile application.
Lack of Transport Encryption
Transport encryption is crucial as devices which are collecting and transmitting data which are sensitive in nature. Majority of devices failed to encrypt network while transmitting data via internet or local network. The importance of Transport Encryption rises significantly when data is passed between device and cloud and a mobile application.
Insecure Web Interface
These issue is particularly concern for devices that access to devices via a cloud website. Issue like XSS (Cross-site scripting), CSRF (Cross Site Report Forgery), poor session management and weak default credentials. Many devices enable an hacker to determine valid user accounts using mechanism such as password reset features.
Insecure software and firmware
Software is what make these device function, but most of device has issue of no encryption during downloading of the update and update files are also not protected as some downloads can be intercepted, extracted, and mounted as file system in Linux where software can be viewed and modified.

Tips for securing IoT devices


1) Conduct Security Assessment of Device and associated components
Testing such as automated scanning of web interface, manual review of network traffic, reviewing the need of physical ports such as USB, authentication and authorisation test and review of interactions of devices with their cloud and mobile application So find vulnerabilities on your own before some hacker finds it.
2) Implement Security Standards that all device meets before production.
If basic security controls are implemented in beginning it can raise the security bar of device significantly.
3) Ensuring security is maintained throughout the product life-cycle.
Implement security process early so that security is automatically baked in to product. Update play’s major role to any product and when it comes to products end-of-life do best to leave the product as secure as possible to protect your rand and to be good internet thing of citizen.

Comments

Popular posts from this blog

How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger

What can you do with Facebook Messenger? Chat with your friends Send GIFs, stickers, and photos Make video calls Send people money in Messenger Have you ever wondered to Play a game while you chat with friends? Yes, it is possible. Facebook had made it to the reality by building a hidden built-in functionality in Facebook Messenger that lets you play Chess with your friends without having to install a third-party app. It just takes one simple step to unlock this hidden game. All you need to do is: type " @fbchess play " and hit Enter, during a conversation, and a small square box would appear in the chat box. Here's how to play: The person who initiated the game would be assigned "White" side, to make the first movement. Although there is some standard algebraic notation like:- B for “Bishop” R for “Rook” Q for “Queen” K for “King” N for “Knight” P for “Pawn” Pawns could b...

Internet of Threats!

T he Internet of Things (IoT) is continuing to gain traction with an ever-increasing number of connected devices coming to market. But as tech-savvy consumers begin investing in their first devices for a connected home, what is to stop them becoming a cyber attacker's next target? While still uncommon, we know that cyber attackers are going after connected consumer devices, demonstrated on a massive scale by the group of Russian hackers who published thousands of live-streaming webcam footage from over 250 countries. Unless the manufacturers of connected devices take a holistic approach to bolstering their cyber security efforts, these types of attacks will increase in number. To gain a greater understanding of the cyber security risks that consumers could be exposing themselves to, research was conducted into the cyber security posture of six ‘always-on’ consumer IoT devices. The results were unsettling. Veracode carried out a set of uniform tests across all the...