IOT(Internet Of Things):Threats And Countermeasures
IOT seems to be buzz word in IT and business at the moment.Simply put, IoT is defined as everyday objects with computing devices embedded in them that have a means to send and receive data over the internet.
Internet of Things devices have many applications that are designed to make life easier and simpler. Think of engineers being able to access a device, perform remote diagnosis and remediating any issue. This is after the device has informed the engineering team of an impending issue before it becomes a major problem! Some example is being able to turn the lights on in your house or heating before coming home using your smartphone.
The data exchange over the internet comes security issues. Here we will discuss about some security issues with IoT devices and some suggested countermeasures.
1)Insecure Web Interface
The security issues with the web interfaces built into IoT devices that allows a user to interact with the device, but at the same time could allow an attacker to gain unauthorized access to the device.
This area deals with ineffective mechanisms being in place to authenticate to the IOT user interface and/or poor authorization mechanisms whereby a user can gain higher levels of access then allowed.
3)Insecure Network Services
This point relates to vulnerabilities in the network services that are used to access the IoT device that might allow an intruder to gain unauthorized access to the device or associated data. Most common security vulnerabilities that could lead to this issue include
4)Lack of Transport Encryption
This vulnerability deals with data being exchanged with the IoT device in an unencrypted format. This could be easily lead to an intruder sniffing the data and either capturing this data for later use or compromising the device itself.
It defines the collection of personal data in addition to the lack of proper protection of that data. It is easy to discover by simply reviewing the data that is being collected as the user sets up and activates the device. Different automated tools can also look for some specific patterns of data that may indicate collection of personal data or other sensitive data
6)Insecure Mobile Interface
Weak authentication or unencrypted data channels can allow an attacker access to the device or underlying data of an IoT device that uses a vulnerable mobile interface for user interaction