Different IoT threats and attacks, and how to apply countermeasures to protect devices from IoT attacks.
Introduction
Over the past few years, IoT has become one of the most critical technologies of the 21st century. It offers low-cost computing, data analytics, and various mobile technologies, so ‘things’ can collect data with minimal human interaction. Being low cost also means that device security has not received enough attention. The lack of security in IoT devices introduces additional attack vectors and increases the attack surface.
Definition
Internet of things (IoT): physical objects (or groups of such objects) that are embedded with sensors, processing ability, software, and other technologies, and that connect and exchange data with other devices and systems over the Internet or other communications networks.
Threats and Attacks on IoT Devices
Remote Access: This is one of the most significant IoT security flaws. Many IoT devices run insecure network services such as TELNET. Such insecure services running on the device itself, especially those exposed to the internet, can easily compromise the confidentiality, integrity, or availability of information, or allow unauthorized remote control.
Attackers can exploit an open TELNET port to obtain information shared between the connected devices. For instance, a hacker can attack a smart camera in an organization and record video footage of everyday business activities. With this approach, cybercriminals can secretly acquire confidential business information.
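A defender's first step against the exposed-service problem above (and against the UPnP discovery service discussed under the countermeasures) is an inventory check: which devices expose cleartext management services, and which of those are reachable from the internet. The following audit script is an added example, not code from the original article; the device inventory it runs over is constructed, and the severity scheme is an assumption for illustration.

```python
"""Audit a device inventory for insecure network services.

Added example with constructed data. Flags cleartext management services
(TELNET, FTP, HTTP) and UPnP/SSDP discovery, and raises the severity when
the service is reachable from the internet.
"""
from __future__ import annotations

from dataclasses import dataclass

# Well-known ports for services that carry credentials or commands in
# cleartext, or that enable unauthenticated device discovery (SSDP/UPnP).
INSECURE_SERVICES = {
    23: "telnet",
    21: "ftp",
    80: "http",
    1900: "ssdp-upnp",
}


@dataclass(frozen=True)
class Finding:
    device: str
    port: int
    service: str
    severity: str
    reason: str


def audit_device(name: str, open_ports: list[int], internet_exposed: bool) -> list[Finding]:
    """Return one Finding per insecure service on a single device."""
    findings: list[Finding] = []
    for port in open_ports:
        service = INSECURE_SERVICES.get(port)
        if service is None:
            continue  # not a service this audit cares about
        if internet_exposed:
            severity = "critical"
            reason = f"{service} reachable from the internet"
        else:
            # TELNET on the LAN is still an unauthenticated-shell risk; the
            # rest are rated medium (assumed rating scheme, not from the page).
            severity = "high" if port == 23 else "medium"
            reason = f"{service} exposed on the local network"
        findings.append(Finding(name, port, service, severity, reason))
    return findings


def audit_inventory(inventory: list[dict]) -> list[Finding]:
    """Run audit_device over every record in an inventory export."""
    findings: list[Finding] = []
    for dev in inventory:
        findings.extend(audit_device(dev["name"], dev["open_ports"], dev["internet_exposed"]))
    return findings


# Constructed inventory, as it might be exported from an asset-management tool.
SAMPLE_INVENTORY = [
    {"name": "lobby-camera-01", "open_ports": [23, 80, 554], "internet_exposed": True},
    {"name": "hvac-controller", "open_ports": [443, 1900], "internet_exposed": False},
    {"name": "badge-reader", "open_ports": [443], "internet_exposed": False},
]

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f"[{f.severity.upper()}] {f.device}:{f.port} {f.reason}")
```

Feeding this from a real asset inventory turns the article's warning into a recurring check: any new device that shows up with TELNET or SSDP open is flagged before it becomes the foothold described above.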
Man-in-the-Middle: In this attack, the attacker impersonates a legitimate party, intercepts all communication between the sender and receiver, and hijacks the session. Such hijacking is possible due to insecure ecosystem interfaces.
Insecure web, backend API, cloud, or mobile interfaces outside the device's ecosystem compromise the device or its related components. Common issues include a lack of authentication/authorization, weak encryption, and a lack of input and output filtering.
Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software, grants unauthorized access to deployed systems. Such vulnerabilities are golden opportunities for an attacker to initiate a MITM attack.
Social engineering: Hackers use social engineering to manipulate people into giving up sensitive information such as passwords and bank details. It is challenging to execute, as the attacker needs to gain the target's trust before the critical information is exposed. But these attacks can be accomplished much more easily with the help of IoT devices.
IoT devices such as wearables collect Personally Identifiable Information (PII) to enhance the user's personalized experience. However, attackers can easily access PII when privacy protection is insufficient or when the data is stored insecurely, improperly, or without permission. Through this, the attacker gains critical information such as bank details, purchase history, and the target's home address.
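The practical defence against the PII exposure described above is data minimization at the point of collection: persist only the fields a feature actually needs, pseudonymize the identifier, and report when a device starts sending PII it should not. The filter below is an added example, not code from the original article; the field names, the sample telemetry record and the pseudonym key are all constructed for illustration.

```python
"""Data-minimization filter for wearable telemetry before it is stored.

Added example with constructed field names and data. Keeps only allowlisted
fields, replaces the device identifier with a keyed pseudonym, and reports
any known-PII fields the device tried to send so operators can spot
over-collection by a firmware change.
"""
from __future__ import annotations

import hashlib
import hmac

# Fields the service needs for its feature. Everything else is dropped.
ALLOWED_FIELDS = {"device_id", "timestamp", "heart_rate", "step_count"}

# PII the service must never persist. Listed explicitly so an audit can see
# what is refused, and so over-collection can be reported rather than silently dropped.
KNOWN_PII_FIELDS = {"full_name", "home_address", "gps", "bank_account", "purchase_history"}


def minimize(record: dict, pseudonym_key: bytes) -> tuple[dict, list[str]]:
    """Return (record safe to persist, sorted list of PII fields that were refused)."""
    cleaned: dict = {}
    over_collected: list[str] = []
    for key, value in record.items():
        if key in ALLOWED_FIELDS:
            cleaned[key] = value
        elif key in KNOWN_PII_FIELDS:
            over_collected.append(key)  # refused and reported
        # Any other unknown field is dropped without comment (fail closed).
    if "device_id" in cleaned:
        # Keyed hash (HMAC-SHA256): records from one device stay correlatable
        # inside the service, but the raw identifier cannot be recovered from
        # storage without the key. Truncated to 16 hex chars for readability.
        digest = hmac.new(pseudonym_key, str(cleaned["device_id"]).encode(), hashlib.sha256)
        cleaned["device_id"] = digest.hexdigest()[:16]
    return cleaned, sorted(over_collected)


# Constructed telemetry record: the device sends more than the feature needs.
SAMPLE_RECORD = {
    "device_id": "wearable-7f3a",
    "timestamp": 1700000000,
    "heart_rate": 72,
    "step_count": 4120,
    "gps": {"lat": 0.0, "lon": 0.0},
    "home_address": "1 Example Street",
    "firmware_debug": "build-1234",
}

# Constructed demo key; a real deployment keeps this in a secrets store.
PSEUDONYM_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    stored, refused = minimize(SAMPLE_RECORD, PSEUDONYM_KEY)
    print("stored:", stored)
    print("refused PII fields:", refused)
```

The refused-field list is the monitoring hook: a wearable that suddenly reports `home_address` after an update is exactly the over-collection the article warns about, and it surfaces here before anything reaches storage.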
Advanced Persistent Threats (APTs): APTs are a significant security concern for various organizations. An APT is a targeted attack in which an attacker gains unauthorized access to a network and stays undetected for a prolonged period. The primary goal of the attacker is to gain additional information about the network architecture, capture critical data, and monitor network activity.
To prevent APTs, organizations enforce strict policies and implement various solutions, but most fail to secure IoT devices. Large volumes of critical data are effortlessly transferred among several devices, which makes it easier for the attacker to navigate the network. This is because of a lack of encryption or access control for sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing.
IoT devices act as a foothold for attackers to maintain unauthorized access to the network and as extraction points to move data outside the network.
Countermeasures
· Avoid Universal Plug & Play: The principle of UPnP is to make it easier to connect devices to the network without additional configuration, and to let them discover each other automatically. However, this benefits hackers more than the user: with UPnP, an attacker can find all IoT and other personal devices beyond the local network. Hence, it is recommended to disable Universal Plug & Play.
· Enabling end-to-end encryption and using public key infrastructure (PKI) helps maintain the confidentiality of the data. This is one of the security solutions for countering APTs. As the data appears as garbage to any intruder, cracking the encryption without the actual key is exceptionally challenging.
· Enable the ‘Lock Out’ feature, since most IoT devices ship with insecure or common passwords that can be easily cracked by brute force. Enabling the Lock Out feature mitigates this problem by limiting the number of failed attempts. A triggered lockout may also serve as an IoA (Indicator of Attack).
· Configuring and monitoring the IoT device is a critical task. IoT devices should be configured not to collect or store any unnecessary information in their memory. This mitigates the threat of social engineering and other dangerous attacks.
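The ‘Lock Out’ countermeasure above is simple to state but has two details worth getting right: failures must be counted within a sliding window (so an attacker cannot wait out a fixed counter) and the lockout itself should be emitted as an IoA event that monitoring can alert on. The guard below is an added example, not code from the original article; the thresholds (5 failures in 5 minutes, 15-minute lockout) and the source addresses used in the demo are assumptions.

```python
"""Per-source login lockout that emits an Indicator-of-Attack event.

Added example; thresholds and addresses are constructed. Failed attempts are
tracked per source in a sliding window. When the threshold is reached the
source is locked out for a fixed period and one IoA record is appended to
`ioa_events`, which a monitoring pipeline would forward to the SIEM.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    max_failures: int = 5          # failures in the window that trigger lockout
    window_seconds: float = 300.0  # sliding window over which failures count
    lockout_seconds: float = 900.0  # how long the source stays locked


@dataclass
class LoginGuard:
    policy: LockoutPolicy = field(default_factory=LockoutPolicy)
    _failures: dict = field(default_factory=dict)      # source -> deque of failure times
    _locked_until: dict = field(default_factory=dict)  # source -> unlock time
    ioa_events: list = field(default_factory=list)     # emitted IoA records

    def is_locked(self, source: str, now: float) -> bool:
        return self._locked_until.get(source, 0.0) > now

    def _record_failure(self, source: str, now: float) -> None:
        window = self._failures.setdefault(source, deque())
        window.append(now)
        # Discard failures that have aged out of the sliding window.
        while window and now - window[0] > self.policy.window_seconds:
            window.popleft()
        if len(window) >= self.policy.max_failures:
            self._locked_until[source] = now + self.policy.lockout_seconds
            self.ioa_events.append({
                "type": "auth_lockout",
                "source": source,
                "at": now,
                "failures_in_window": len(window),
            })
            window.clear()

    def attempt(self, source: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is injected for testability."""
        if self.is_locked(source, now):
            return "locked"  # refused even if the password is right
        if password_ok:
            self._failures.pop(source, None)  # success resets the counter
            return "ok"
        self._record_failure(source, now)
        return "locked" if self.is_locked(source, now) else "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    # Constructed sequence: five bad guesses from one address, then a correct one.
    for t in range(5):
        print(t, guard.attempt("10.0.0.5", False, float(t)))
    print(10, guard.attempt("10.0.0.5", True, 10.0))    # still locked
    print(1000, guard.attempt("10.0.0.5", True, 1000.0))  # lockout expired
    print("IoA events:", guard.ioa_events)
```

Because the lockout is keyed by source rather than by account, a brute-force run against the default credential of every device on the segment trips it just as a run against one device would, and each trip leaves an `auth_lockout` record that a detection rule can count.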
Conclusion
Implementing IoT technology yields both opportunities and security risks. With an increasing demand for IoT devices, making a vulnerable device secure is highly challenging. A careful security risk assessment must precede any IoT implementation to ensure confidentiality, integrity, and availability.