The Internet of Things (IoT) is a shared ecosystem of interconnected devices that can talk to each other and share information without human intervention, to provide insights and improve a system's efficiency. With 1.2 billion IoT devices in 2018 and expected growth to 30 billion by 2021, the significance of IoT technology is clear. But with this unprecedented development comes the risk of security threats. Cybercrime has become a major issue for IoT devices, due to the vulnerabilities in a shared network and the lack of a global standard for such devices.
Cybercrime refers to the use of a computer or network as a tool to commit an offense or illegal activity. Cybersecurity deals with the practices and technologies that are used to prevent such unauthorized access or offenses. The Internet of Things implements a centralized system, where data from all objects and sensors is accumulated in a central server to provide analytical feedback to the corresponding system. Because of this, the main server becomes the exposed point of access. A vulnerability in any child node (sensor or object) can give unauthorized access to a hacker, who can then use it to disable the system or steal private information.
Cyber attacks in the IoT system
Cyber attacks in an IoT system can happen in the following ways:
- Counterfeiting
Counterfeiting refers to the illegal manufacturing and distribution of an original product, for the purpose of misleading the recipient into believing that they are getting the real product. Counterfeiting in IoT happens through replacement of smart things, cloning by untrusted parties, or firmware replacement attacks. This allows the third party to gather personal data, or to sniff the system network to gain unauthorized access. With the total amount of counterfeit products reaching 1.2 trillion USD, it is one of the most common forms of crime in society.
- Denial of service (Botnet)
Denial of Service is a type of cyber attack in which a single source (DoS) or multiple sources (DDoS) attack the system to deny or disrupt the use of the services it provides. In IoT, it is achieved with the help of botnets or thingbots, where many devices are programmed to request the same service simultaneously. Botnets or thingbots are networks of systems, controlled by botnet operators via command-and-control servers (C&C servers), that are used to take control of a system and distribute malware through it. These bots are connected via the internet and are able to transfer data automatically through it. The main aim of a botnet is to either crash the target system or make it inaccessible. The biggest IoT botnet attack in history was the Mirai botnet attack, which was able to gain access through open Telnet ports on insecure IoT devices, using default usernames and passwords, and block access to the system.
Other types: Exploit Kits, Targeted attacks, Attacks on privacy
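The default-credential sweep over Telnet described above leaves a recognisable trace in a device's login log: one source failing quickly across several factory-default account names. The following detection sketch is an added example, not code from the original article; the log format, the `DEFAULT_USERS` watch list and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical telnetd auth-log format.
SAMPLE_LOG = """\
2018-03-01T10:00:01Z telnetd[311]: login failed user=root src=203.0.113.7
2018-03-01T10:00:02Z telnetd[311]: login failed user=admin src=203.0.113.7
2018-03-01T10:00:03Z telnetd[311]: login failed user=support src=203.0.113.7
2018-03-01T10:00:04Z telnetd[311]: login ok user=root src=203.0.113.7
2018-03-01T10:05:10Z telnetd[311]: login failed user=alice src=198.51.100.20
2018-03-01T10:05:19Z telnetd[311]: login ok user=alice src=198.51.100.20
2018-03-01T10:07:00Z telnetd[311]: login failed user=root src=192.0.2.55
2018-03-01T10:07:01Z telnetd[311]: login failed user=root src=192.0.2.55
2018-03-01T10:07:02Z telnetd[311]: login failed user=guest src=192.0.2.55
2018-03-01T10:07:03Z telnetd[311]: login failed user=admin src=192.0.2.55
"""
LINE_RE = re.compile(
    r"^\S+ telnetd\[\d+\]: login (failed|ok) user=(\S+) src=(\S+)$")
# Assumed watch list of account names that ship as factory defaults.
DEFAULT_USERS = {"root", "admin", "support", "guest", "user"}

def find_credential_sweeps(log_text, min_failures=3, min_default_users=2):
    """Flag sources that fail repeatedly across several default accounts."""
    failed = defaultdict(list)   # src -> usernames that failed
    succeeded = set()            # sources with at least one successful login
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue             # ignore lines from other services
        outcome, user, src = m.groups()
        if outcome == "failed":
            failed[src].append(user)
        else:
            succeeded.add(src)
    alerts = []
    for src in sorted(failed):
        defaults = sorted(set(failed[src]) & DEFAULT_USERS)
        if len(failed[src]) >= min_failures and len(defaults) >= min_default_users:
            alerts.append({
                "src": src,
                "failures": len(failed[src]),
                "default_users": defaults,
                "login_succeeded": src in succeeded,  # device needs triage
            })
    return alerts

if __name__ == "__main__":
    for alert in find_credential_sweeps(SAMPLE_LOG):
        print(alert)
```

An alert with `login_succeeded` set means a default password was still in place; the lasting fix is to close Telnet and replace factory credentials, with detection as the backstop.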
- Eavesdropping (Man-in-the-middle)
In eavesdropping, a third party or piece of software ‘listens’ to the interactions between two or more interconnected devices over an insecure communication channel. One example of an active eavesdropping mechanism in the IoT industry is the Man-in-the-Middle attack, in which the hacker attempts to disrupt or breach communication between two systems. The attacker intercepts and transmits data while secretly impersonating another system, so that the actual devices do not realize they have been compromised. This has a very dangerous impact on IoT: since all the devices are interconnected, the threat level is high if any one of the networks is compromised. For example, if a smart door is made to believe it is interacting with the real owner, it can open the door of your house, leading to the loss of personal belongings.
Other types: IoT communication protocol hijacking, Interception of information, Network reconnaissance, Session hijacking, Information gathering, Replay of messages
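For the smart-door case and the replay of messages listed above, the lock can refuse any command that does not carry a valid authentication tag and a fresh counter. The sketch below is an added example, not code from the original article; the frame layout, `SHARED_KEY`, `seal` and `DoorLock` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption); real devices get a unique provisioned key.
SHARED_KEY = b"constructed-demo-key-not-for-use"
TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key, counter, command):
    """Owner side: frame = 8-byte big-endian counter || command || tag."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class DoorLock:
    def __init__(self, key):
        self.key, self.last_counter, self.is_open = key, 0, False

    def receive(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return "rejected: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a modified or forged frame fails here.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        (counter,) = struct.unpack(">Q", body[:8])
        # A captured frame sent again carries a counter already seen.
        if counter <= self.last_counter:
            return "rejected: replay"
        command = body[8:]
        if command not in (b"LOCK", b"UNLOCK"):
            return "rejected: unknown command"
        self.last_counter = counter
        self.is_open = command == b"UNLOCK"
        return "accepted"

def demo():
    """Run genuine, replayed, tampered and forged frames through the lock."""
    door = DoorLock(SHARED_KEY)
    unlock = seal(SHARED_KEY, 1, b"UNLOCK")
    lock = seal(SHARED_KEY, 2, b"LOCK")
    tampered = lock[:8] + b"OPEN" + lock[12:]   # command bytes altered in transit
    forged = seal(b"wrong-key", 2, b"UNLOCK")   # sender without the shared key
    results = [door.receive(f) for f in (unlock, unlock, tampered, forged, lock)]
    return results, door.is_open

if __name__ == "__main__":
    print(demo())
```

The tag authenticates the frame but does not hide it: a listener still sees which command was sent, so confidentiality needs an encrypted channel on top.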
- Buffer overflow
Buffer overflow is a type of cyber attack in which a program tries to write more data to a buffer (temporary storage) than it can actually hold, leading to a crash. It is the most well-known vulnerability of any system, but it still exists in today’s world. Buffer overflow attacks happen in IoT devices for the following reasons:
- Memory: IoT devices are built to be energy efficient and hence have small memory buffers, which can be easily overflowed.
- Language: Most IoT devices are built in C and C++, which don’t have a garbage collector, increasing the risk of buffer overflow.
- Commonality: Businesses tend to buy inexpensive programs for their IoT devices, which share a common code base, making them more vulnerable to cyber attacks if any weak spot is found in the common code.
Example: Devil’s Ivy
- Malicious modification
A malicious modification is a type of attack in which the software code or hardware of IoT devices is altered to inflict damage on the system. It happens after the devices are produced and before they are installed and used, or when a hacker rewrites a piece of code to gain access or to disrupt functionality. Such alterations can lead to abnormal behaviour or total failure of the system, or can be used to steal valuable data from the target.
- Phishing
In phishing, a hacker tries to obtain your credentials and use them to gain access and cause harm. The most common technique is social engineering, in which a hacker sends a link to the user, usually through email, promising various offers, and makes you divulge your information, or leads you to a fake site with a striking resemblance to the original one, to gain access to your credentials. Smart devices usually use SSH or SMTP, which can be rigged to send malicious emails with the help of credentials obtained through phishing.
- Supply Chain attack
A supply chain attack, also called a value-chain or third-party attack, is a type of cyber attack in which a third party infiltrates your system using the access of an outside partner or provider. IoT being a shared ecosystem has led to more suppliers and providers having access to sensitive data, making it more vulnerable to such attacks. IoT devices regularly send diagnostics back to their suppliers for predictive maintenance, but this can also act as a back channel to receive sensitive data from those devices. Hackers focus on weaker networks to gain access, by manipulating devices or hardware. These devices then act as a backdoor for the hackers, through which they can add malware to the system.
Challenges faced by the Internet Of Things in the field of Cyber Security
With the increase of cybercrime in the IoT field, there is an urgent need to put a proper security paradigm in place. However, there are still a few challenges that need to be addressed before that can be done.
- Massive Quantities of Exposed IoT Devices
With the exponential growth of IoT technology, there is a massive number of IoT devices that are resource deficient and hence vulnerable to all kinds of cyber attacks. These IoT devices have limited capability to run encryption or access control algorithms, which makes DDoS attacks, eavesdropping and tampering easier. These attacks can cause large-scale security breaches and huge losses.
- NFV-SDN Integrated Edge Cloud Platform
With the introduction of edge computing in IoT, Network Function Virtualization (NFV) and Software Defined Networking (SDN) have become the new norm. NFV refers to the ability of the edge cloud to dynamically create virtual machines to perform application-specific processing or to provide firewalls. SDN is used to configure and manage those VMs alongside NFV. The main challenge is that these are new, evolving technologies, so not all security measures are in place for them. NFV security issues lie with the hypervisor in isolating Virtualized Network Functions (VNFs) and with their migration across domain boundaries, whereas SDN is still prone to DDoS attacks and malicious injection attacks.
- Data Privacy and Security
IoT works by processing sensor data, and the more data there is, the more accurate the analytics. With more IoT devices created every day, it has become difficult to transmit all data to the central server for storage and processing. Edge computing brings centralization to IoT, where all localized data is stored and processed on the client side itself before it is sent to the server. This way, the organization has much more control over the data, but it also raises many security threats. The data stored in edge devices is more susceptible to physical tampering, or to DDoS attacks through multiple layers such as the perception layer, transport layer and application layer.
- Edge communication in IoT Devices and offloading
IoT devices usually have less memory and processing power, due to their energy-efficient build. This leads to the offloading of tasks for processing to other systems with more resources, or to other IoT devices. These transactions often speed up processing but bring in additional security threats. The risk of eavesdropping in wireless communication, cross-platform code migration and dynamic scheduling of offloaded tasks are a few of the challenges for such systems. The edge cloud also needs to keep track of the interactions between those devices, to provide adequate resources to the system.
- Trust and Trustworthiness
IoT devices, especially edge devices, communicate with each other all the time to share data. These communications are more prone to malicious attacks. The system needs to find hijacked devices and networks and fix them. Since a basic authentication mechanism is not enough for security, most systems use human-centered digital signature certificates. The issue with such certificates is the triggering of recertification, which is time-consuming and expensive. Automated certification still has a long way to go. Visible and transparent transactions can build trust between communicating devices. A proper trust management system needs to be built for better security and safer interactions.
- Identity and access management
Communication between IoT devices and the central server is the most important part of the Internet of Things. Since IoT is a shared ecosystem, a lot of third-party systems and suppliers have access to sensitive data. Proper identity and access management needs to be built, to give accurate access to the right people and reduce the chances of unauthorized access. The system should be able to differentiate between a real and an impersonating identity, detect network sniffers, and have a proper backup setup in case of failure.
- Global standards
Even though IoT is a shared ecosystem of systems from both the private and public sectors, there are no uniform security standards governing it as of now. To protect the data and underlying mechanics, businesses and industries are all developing their own umbrella-level cyber risk paradigms. This has led to the creation of a myriad of standards, which becomes a barrier to interoperability between different systems. Closer collaboration, with a global standard and a governing authority, is required for all the systems to interact with each other while maintaining security.
- Retrofitting with the existing systems
Most companies are trying to implement IoT technology over their existing legacy systems, due to its cost effectiveness and reusability, but this also opens the door to various security concerns. For one, these legacy systems were built as standalone systems; upgrading them to connect to a shared ecosystem brings many vulnerabilities, due to multiple points of communication that can also act as points of failure if a proper risk assessment system is not set up. Organizations must accurately assess the associated IoT risk before retrofitting it into their systems.
While the importance of the Internet of Things can’t be overstated, security remains a top priority to be addressed before it can be widely accepted. Many companies, such as Deloitte, Cisco and IBM, have built their own cybersecurity paradigms and are working closely to put global standards for IoT systems in place.