New cyber threats can emerge from anywhere in the world and might make your new connected car overspeed or your heart pacemaker pace a little faster. This may sound like a familiar, oft-repeated story, but one must understand the risk landscape before implementing an IoT solution to a well-studied problem. This article is based on insights from Avik Chowdhury, Security Analyst at Dover Corporation, on IoT incident response planning and execution.
The IoT world is diffusing rapidly; in simple words, the number of devices connecting to the internet today is staggering. The more devices there are, the greater the threats. Likewise, the number of attackers, both hobbyists (white hat hackers) and black hat hackers, is on the rise, and no one can know who may turn to the other side. Attackers are finding more sophisticated ways of penetrating networks and devices through malicious code and hacks while staying hidden and leaving no trace.
Is security the way in or way out?
Today, every person on this planet, whether living in an urban, suburban or rural area, has at least one device that is connected or has the potential to connect to the internet. These devices are part of our daily life to such an extent that they have become an extension of us. Attackers and hackers try to exploit privacy-related data, trading it for money on the grey market.
Not only individuals but also businesses can fall prey to such exploits. Traditionally, businesses have made the mistake of building IoT solutions with only basic security features, overlooking some threats. They learned valuable lessons in the past, which led them to formulate the threat landscape and its elements in detail.
Threat landscape elements:
- Physical environment: includes the tangible components of IoT such as sensors, gateways and datacentres, which may face physical damage, unauthorized access, theft, or loss of components.
- Data environment: includes data and information theft, vulnerability to attacks on the network, and data confidentiality.
- Legal and regulatory: failure to implement standard security protocols. Auditing must be in place and accountability must be set to ensure privacy and attack
- Security and privacy: this includes privacy in data collection, as well as in data sharing and management.
- Internal employees: employees who have access to crucial information must be trained, and information security must be enforced as a best practice. They must not exploit code and scripts, and they must report system vulnerabilities.
Challenges of combating IoT crimes
Despite all the efforts, it has become common knowledge that anything digital can be hacked. Computers, medical devices, smart kitchen appliances, smart cars, patient monitoring systems and every other device in the connected pool can be easy targets. Brute force attacks are becoming more common. Users unknowingly download malicious programs and code onto their computer or smart device, and once they link it to the home network to interact with appliances, even the most sophisticated smart home can become easy prey. The situation worsens if the stolen information can be used to put human life at risk. Keeping all this in mind, it is necessary to stay one step ahead of the attackers and to tap into all resources to fortify security through new approaches.
IoT threats cannot be easily detected, and most of the time it is very hard to find evidence of them. It is even more challenging to reconstruct the sequence of what happened where (from the end-point devices to the cloud server), which part was attacked first, and what end result created the anomaly. There are relevant laws and regulations in place today, and a forensic expert can classify attacks across the three regions that IoT is made up of, starting with the type of attack they most resemble. The second step is to find out whether the IoT device itself went rogue or someone exploited a vulnerability in it and turned it into a tool for carrying out malicious functions. The third step is analysing the security features that are in place, such as an antivirus or a protocol analyser that logs spikes in network usage.
How to plan and execute an IoT incident response
IoT incident response management procedures for IoT threat scenarios are new concepts and vary according to the use case. Most of the line of action derives from IoT incident response management protocols. To understand this better, a team of experts attacked a smart home to demonstrate how an attack might take place and how to react to it. They attacked a Wi-Fi based LightwaveRF PC link, which is commonly used in home automation. The first step was cracking the Wi-Fi password, which gives access to the local network.
Once the network is compromised, the experts could assume, as part of the investigation, that a weak passcode had been the reason. The experts then succeeded in installing infected firmware onto the smart home LightwaveRF device by exploiting its address resolution protocol (ARP). The compromised hub then took control of all the linked devices just by spoofing packets, which were redirected from another Trivial File Transfer Protocol (TFTP) server. The experts found that the hub itself could be used as a tool to harm the system, and the only resolution is to inform the manufacturer or vendor of the device so that they can fortify their security protocols and avoid large-scale attacks. This is a perfect example of a man-in-the-middle (MITM) attack, where the attacker intercepts your commands and relays his own instructions to the connected devices while the user feels everything is fine and secure.
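As an added defensive illustration (not from the original article or from Avik Chowdhury), the ARP-based takeover described above leaves the kind of trace a protocol analyser can log: the hub's IP address suddenly answers from a different MAC address, and one MAC starts claiming several IPs. The script below runs that check over a constructed sample of ARP replies; every address in it is invented.

```python
"""Detect ARP cache poisoning from captured ARP replies (added example).
Record format (timestamp_s, sender_ip, sender_mac) and all values are constructed."""
from collections import Counter, defaultdict

# Constructed sample of ARP replies on a home LAN. The hub at 192.168.1.20 is genuinely
# at aa:bb:cc:dd:ee:20; from t=30 a second MAC claims its IP, then the router's IP too.
SAMPLE_ARP_REPLIES = [
    (10, "192.168.1.1",  "00:11:22:33:44:01"),   # router
    (12, "192.168.1.20", "aa:bb:cc:dd:ee:20"),   # home-automation hub (hypothetical)
    (15, "192.168.1.50", "aa:bb:cc:dd:ee:50"),   # laptop
    (30, "192.168.1.20", "de:ad:be:ef:00:01"),   # conflicting claim for the hub's IP
    (31, "192.168.1.1",  "de:ad:be:ef:00:01"),   # same MAC now also claims the router
    (40, "192.168.1.20", "aa:bb:cc:dd:ee:20"),   # real hub answers again (flapping)
]


def detect_arp_spoofing(replies, max_ips_per_mac=1):
    """Return a list of alert tuples. Two indicators are checked:
    1. "ip_mac_changed": an IP whose sender MAC differs from the first binding seen;
    2. "mac_claims_many_ips": one MAC claiming more IPs than a normal host would.
    """
    ip_to_mac = {}                  # current IP -> MAC binding, first reply is the baseline
    mac_to_ips = defaultdict(set)   # MAC -> every IP it has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "ip_mac_changed", ip, prev, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append((ts, "mac_claims_many_ips", mac, sorted(mac_to_ips[mac])))
    return alerts


def suspect_macs(alerts):
    """MACs that took over an IP held by another MAC, most frequent first.
    Both sides of a flap appear here, so rank, not presence, points at the intruder."""
    counts = Counter(a[4] for a in alerts if a[1] == "ip_mac_changed")
    return [mac for mac, _ in counts.most_common()]


if __name__ == "__main__":
    found = detect_arp_spoofing(SAMPLE_ARP_REPLIES)
    for alert in found:
        print(alert)
    print("suspects:", suspect_macs(found))
```

On the sample this raises four alerts and ranks de:ad:be:ef:00:01 first, which is the point to escalate in the incident timeline.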
The following need to be kept in mind before, during and after installing IoT based devices for generic purposes, which most people neglect:
- Disable features and connected devices when not in use. Also disable remote access to IoT devices to be on the safer side.
- Isolate IoT devices and keep them on a separate network if possible.
- Use strong, unique passwords and change them at regular intervals, at least every three months.
- Home networks are susceptible to brute force attacks; make sure verified routers are bought and installed.
- Make sure devices run the latest firmware.
Future of security in IoT
IoT is expanding rapidly into sectors that were not connected before. New threats and never-before-seen sophisticated attacks are also on the rise. The conclusion is to create smart IoT incident response management protocols by learning from these attacks and mitigating them as they come. IoT security is a firefight zone that will require a lot of expertise to keep things from going wrong and harming us.