
IoT’s Biggest Challenges: Privacy and Security

Everything today, from your mobile phone to refrigerators to cars, is interconnected, which has made our lives easier. These devices are collectively called the IoT. But they have also created new vulnerabilities for hackers. IoT devices are poised to be more pervasive in our lives than mobile phones, and they have access to sensitive personal data such as your credit card number, banking information and much more. As the number of IoT devices constantly increases, the security risk also increases. Device manufacturers don't care much about device security, and the consumer has to suffer: they may be hacked, and there may be severe consequences. A single security concern on a single device can become multiple concerns when multiple IoT devices are interconnected.
IoT devices use some form of cloud service, and a mobile application is used to access and control the device remotely. So it’s very important to understand the security risks.
Current Scenario:

Security Risks


Privacy Concerns
Many devices collect personal information like name, address, banking information and health information. Since all devices are interconnected, data is sent from one device to another, and it may be unencrypted, so any hacker can sniff your personal information, and network misconfiguration can expose data to the world via wireless networks. The cloud service is also a privacy concern. The question is: do these devices really need personal information to function properly?
Insufficient authentication and authorisation
A hacker can take advantage of weak passwords, poorly protected credentials, insecure passwords, etc. Most people tend to keep simple passwords. Components fail to require strong passwords of sufficient length and complexity. Generally we find passwords like “1234”, “123456” or “admin”. The weak passwords we configure are also used on cloud websites and in mobile applications.
Lack of Transport Encryption
Transport encryption is crucial because devices collect and transmit data that is sensitive in nature. The majority of devices fail to encrypt network traffic when transmitting data via the internet or a local network. The importance of transport encryption rises significantly when data is passed between the device, the cloud and a mobile application.
Insecure Web Interface
This issue is a particular concern for devices that are accessed via a cloud website. Issues include XSS (cross-site scripting), CSRF (cross-site request forgery), poor session management and weak default credentials. Many devices enable a hacker to determine valid user accounts using mechanisms such as password reset features.
Insecure software and firmware
Software is what makes these devices function, but most devices have the issue of no encryption during download of the update, and the update files themselves are also not protected: some downloads can be intercepted, extracted, and mounted as a file system in Linux, where the software can be viewed and modified.
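The firmware risk above comes down to a device installing whatever it downloads. The following added example (not code from this post or from any vendor) shows a device-side check that rejects an image modified in transit, a forged manifest, and a rollback to an older version. The key, manifest fields and function names are assumptions made for illustration, and HMAC stands in for the asymmetric vendor signature a shipping product would normally verify.

```python
import hashlib
import hmac
import json

# Assumption: a key provisioned on the device at manufacture (constructed value).
# Shipping products normally verify an asymmetric vendor signature instead;
# HMAC stands in here only because it is in the standard library.
DEVICE_KEY = b"constructed-demo-key"


def _canonical(body: dict) -> bytes:
    # Stable byte encoding so vendor and device MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_manifest(image: bytes, version: int, key: bytes = DEVICE_KEY) -> dict:
    """Vendor side: describe the image, then authenticate the description."""
    body = {"version": version, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}
    return {**body, "mac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_update(image: bytes, manifest: dict, installed_version: int,
                  key: bytes = DEVICE_KEY) -> tuple:
    """Device side: return (ok, reason); flash the image only when ok is True."""
    try:
        body = {k: manifest[k] for k in ("version", "size", "sha256")}
        mac = manifest["mac"]
    except (KeyError, TypeError):
        return False, "malformed manifest"
    if not isinstance(mac, str):
        return False, "malformed manifest"
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # Constant-time comparison; nothing in the manifest is trusted before this.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "manifest authentication failed"
    if body["version"] <= installed_version:
        return False, "rollback to an old version"
    if len(image) != body["size"]:
        return False, "image size mismatch"
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), body["sha256"]):
        return False, "image digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    firmware = b"\x7fFW" + bytes(range(64))             # constructed sample image
    manifest = make_manifest(firmware, version=5)
    modified = firmware[:10] + b"\xff" + firmware[11:]  # one byte changed in transit
    print(verify_update(firmware, manifest, installed_version=4))
    print(verify_update(modified, manifest, installed_version=4))
```

This check covers the integrity of the update only; keeping the download confidential still requires transport encryption.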

Tips for securing IoT devices


1) Conduct a security assessment of the device and associated components
Testing includes automated scanning of the web interface, manual review of network traffic, reviewing the need for physical ports such as USB, authentication and authorisation tests, and review of the interactions of devices with their cloud and mobile applications. Find vulnerabilities on your own before some hacker finds them.
2) Implement security standards that all devices meet before production.
If basic security controls are implemented at the beginning, it can raise the security bar of the device significantly.
3) Ensure security is maintained throughout the product life-cycle.
Implement security processes early so that security is automatically baked into the product. Updates play a major role in any product, and when it comes to a product's end-of-life, do your best to leave the product as secure as possible, to protect your brand and to be a good citizen of the Internet of Things.
