IoT Security: Exploring Risks and Countermeasures Across Industries
By Purav Patel, eInfochips
The Internet of Things (IoT) has transformed our way of living and working, enabling greater convenience and efficiency through connected devices and systems. Projections indicate that the worldwide number of IoT devices will nearly triple, rising from 9.7 billion in 2020 to over 29 billion by 2030. However, with the widespread adoption of IoT technology comes increased concerns about security.
The security concern was also highlighted in CNBC’s article which says," According to cybersecurity specialists, the swift expansion of IoT (Internet of Things) gadgets in 2022 may have signaled a turning point. Hackers can exploit cars and medical devices, which are essential to daily life and have security vulnerabilities.”
IoT devices serve as a primary access point for numerous attacks, as stated in Microsoft's Digital Defense Report 2022. The report highlights that despite the increasing security of IT software and hardware, IoT security has not progressed at the same rate.
This blog aims to investigate the impact of IoT security on various domains, from personal devices to critical infrastructure, and analyze potential measures to mitigate the associated risks.
Introduction to IoT Security: Why It Matters
As the number of connected devices continues to increase, IoT security has emerged as a major concern for both businesses and individuals. Hackers and cyber criminals are drawn to the vast amounts of data that these devices collect and share, making them an attractive target. For instance, even a simple IoT device like a baby monitor can be exploited to gather sensitive information such as credit card numbers or spy on a family.
Recently, Sonic Wall's report revealed that there was a 77% rise in malware attacks on IoT/Connected Devices during the first half of 2022. The report also stated that while ransomware attacks declined by 23%, there was an increase of 30% in cryptojacking attacks and 19% in intrusion attempts.
Although IoT devices offer numerous benefits, it is crucial to consider the associated risks. One of the most significant threats to IoT security is the lack of encryption on regular transmissions. Many IoT devices transmit data without encryption, enabling unauthorized access to sensitive information and credentials.
The utilization of malware by cyber criminals to take over IoT devices or connected machines and engage in malicious activities has become a common occurrence across a variety of industries, including automotive, manufacturing, consumer electronics, agriculture, retail, and healthcare. Given the sensitive and confidential nature of the information stored within these industries, implementing IoT security solutions is crucial to safeguard against such threats, leading to an increase in the market demand for IoT security.
Image courtesy: IoT Security Threats and Solutions (einfochips.com)
Going forward, this write-up will present instances of companies from various domains leveraging IoT devices, how they were affected by cyberattacks, and countermeasures to improve IoT security in your company.
Healthcare Industry: The healthcare sector is grappling with the repercussions of IoT security issues in several ways. One of the primary concerns is maintaining the privacy and security of patient data. As the usage of IoT devices in healthcare continues to increase, the chances of patient data being compromised also rise. Additionally, the safety of medical devices is also at risk. IoT devices are commonly utilized to monitor and control medical equipment, and if they are not appropriately secured, attackers may exploit them to access private patient information.
In November 2022, a cyberattack struck the All-India Institute of Medical Sciences New Delhi (AIIMS), causing extensive damage to its servers and the National Information Center's eHospital network. The attack resulted in the manual management of all functions, including emergency, ambulatory, inpatient, and testing areas, for more than a week. The Delhi Police's Intelligence Fusion and Strategic Operations unit registered a case of cyber terrorism and extortion but refuted any claims of AIIMS receiving a ransom demand of Rs 200 crores in cryptocurrency, which is typical in ransomware attacks. It is necessary to investigate the motive behind the attack and assess the readiness of organizations and systems for cybersecurity threats.
Retail Industry: The retail industry is intriguing due to its continuous adoption of modern technologies to improve efficiency and enhance the appeal of their products to consumers. Among the latest technologies making an impact on the retail sector is the internet of things (IoT).
A case in point is the January 2021 breach in which a 70-gigabyte SQL backup file belonging to Bonobos, a Walmart clothing subsidiary, was stolen from a third-party cloud provider and shared on a hacker forum. The stolen data included 7 million shipping addresses, 1.8 million registered customer accounts, and 3.5 million partial credit card records.
Manufacturing Industry: Manufacturers are extremely concerned about the security of IoT. The more connected devices and data collected, the greater the risk of security breaches. The manufacturing industry is being impacted in numerous ways due to IoT security, with data theft being a major concern. Hackers can now more easily access collected data due to the proliferation of connected devices.
For instance, multinational aluminum manufacturer Norsk Hydro, which operates in 40 countries, had to shut down several plants following a LockerGoga ransomware attack. The attack had a detrimental effect on IT systems in various business functions, including smelting plants situated in Norway, Qatar, and Brazil.
Automotive Industry: IoT security is a hot topic in the automotive industry. As cars become more connected, there is a greater risk for hacking and data theft. A report in CNBC stated that even a company like Toyota had to stop their operations in of its plants due to a cyber-attack last February.
Image source:Automotive IoT Security – An Inevitable Factor in Growing Market of Connected Vehicle Ecosystem (einfochips.com)
According to security week, a team of seven security experts has discovered several vulnerabilities in vehicles manufactured by 16 car makers, allowing them to control car functions and start or stop the engine. Furthermore, the researchers revealed that numerous other security defects enabled them to access car makers’ internal applications and systems, which resulted in the exposure of personally identifiable information (PII) of customers and employees, as well as account takeover. The hacks targeted infrastructure, telematic systems, and automotive APIs. The affected car models included premium brands from Ferrari to BMW to even Rolls Royce. The car makers were notified, and they have released patches to fix the security issues.
Consumer Electronics Industry: As the Internet of Things (IoT) continues to grow, the need for improved security measures is also increasing. This is particularly true for the consumer electronics market. It not only puts the companies at risk but even the individuals purchasing the electronics.
There have already been several instances of high-profile security breaches concerning IoT devices. For example, in 2016, the Mirai botnet hijacked hundreds of thousands of devices, including numerous consumer electronics.
There are different ways to improve IoT security
Ensuring the security of the network, data, and devices connected to the Internet of Things (IoT) is the primary concern. Thus, providing IoT security presents a significant challenge in safeguarding devices against malicious attacks and unauthorized access. The IoT is now deeply integrated into our daily lives as an increasing number of devices connect to the internet, making IoT security a top priority. IoT devices offer enhanced user convenience.
- Keep your devices secure by installing the latest security patches regularly.
- Segment your network to prevent unauthorized access and attacks.
- Use strong passwords for accessing software and implement multifactor authentication to enhance security.
- Take a layered approach to security by using multiple security measures, such as firewalls, antivirus software, and intrusion detection systems.
- Do not rely on default security settings, which may be vulnerable to attacks.
- Maintain a global access map to track and control access to your network and devices.
- Ask the manufacturer about SSL/TLS and use encrypted protocols to protect data in transit.
- Restrict internet usage on connected devices to enhance security.
- Protect important data by blocking programs behind a firewall or restricting the use of certain software features.
- Install the most recent software on all network-connected devices to stay up to date with security features.
- Create a separate network for IoT devices to prevent unauthorized access to other devices.
- Implement security measures that ensure IoT-connected devices cannot be easily spoofed, such as assigning unique IDs to each device.
Conclusion:
In conclusion, IoT security is a growing concern for individuals and organizations alike. As the number of devices connected to the internet continues to grow, so does the potential for security breaches. While there are many ways to secure IoT devices, it is important to consider all aspects of security when deploying these devices. By doing so, organizations can ensure that their devices are protected from potential threats.
References:
- IoT Security Threats and Solutions (einfochips.com)
- Automotive IoT Security – An Inevitable Factor in Growing Market of Connected Vehicle Ecosystem (einfochips.com)
- https://www.cnbc.com/2023/01/09/the-dark-webs-criminal-minds-see-iot-as-the-next-big-hacking-prize.html
- https://indianexpress.com/article/opinion/columns/aiims-cyber-attack-national-security-subimal-bhattacharjee-8298134/
- https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/
- https://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/
- https://www.techtarget.com/searchsecurity/essentialguide/How-the-Mirai-botnet-changed-IoT-security-and-DDoS-defense
- https://www.theregister.com/2018/06/22/baby_monitor_hacked/
- https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends/
Author Bio –
Purav Patel - Purav Patel works as an Engineer at eInfochips in the Cybersecurity domain. A Certified Ethical Hacker with experience in Web Application Penetration Testing, he also holds a bachelor’s degree in cyber security.
If you wish to download a copy of this white paper, click here
|
Related Articles
New Articles
- Quantum Readiness Considerations for Suppliers and Manufacturers
- A Rad Hard ASIC Design Approach: Triple Modular Redundancy (TMR)
- Early Interactive Short Isolation for Faster SoC Verification
- The Ideal Crypto Coprocessor with Root of Trust to Support Customer Complete Full Chip Evaluation: PUFcc gained SESIP and PSA Certified™ Level 3 RoT Component Certification
- Advanced Packaging and Chiplets Can Be for Everyone
Most Popular
- System Verilog Assertions Simplified
- System Verilog Macro: A Powerful Feature for Design Verification Projects
- UPF Constraint coding for SoC - A Case Study
- Dynamic Memory Allocation and Fragmentation in C and C++
- Enhancing VLSI Design Efficiency: Tackling Congestion and Shorts with Practical Approaches and PnR Tool (ICC2)
E-mail This Article | Printer-Friendly Page |