SlideShare a Scribd company logo

Debunking IoT Security Myths

C
cumulocity

This document debunks common myths about Internet of Things (IoT) security. It discusses that IoT devices pose unique security challenges due to their large numbers, limited control and heterogeneity. Common myths addressed include that devices must be servers, VPNs alone can ensure security, and that any one protocol is inherently more secure. The document recommends translating typical security practices to the IoT context, including physical security of devices, secure network configurations, and using devices as clients to authenticated cloud services rather than standalone servers.

Technology
Related topics:
Internet of Things
1 of 15
Downloaded 57 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Debunking IoT Security Myths © Cumulocity GmbH 2014 André Eickler
Overview • What is Cumulocity? • What is the Internet of Things (IoT)? • What security challenges are there? • What common myths are there? • What you can do! © Cumulocity GmbH 2014
What is Cumulocity? Where do we come from? • Started 2010 as Nokia Networks product line. • Independent company since 2012. • Originally targeted to the very security-aware telco industry. What do we do? • Cloud service to fundamentally reduce the complexity of deploying Internet of Things solutions. • Pay-as-you-grow starting from €1/device/month. © Cumulocity GmbH 2014
What is Cumulocity? © Cumulocity GmbH 2014
What is the Internet of Things? Asset + Device + Application © Cumulocity GmbH 2014
What security challenges are there? IoT devices are where your assets are. • Limited physical control over device and network connection. • “Data center distributed all over the country.” IoT devices are extremely heterogeneous. • Little standardization, thousands of manufacturers and platforms. • “BYOD to the max.” IoT devices come in billions. • … at least if the analysts are right. • Great target for dDoS. © Cumulocity GmbH 2014
What security challenges are there? IoT devices may control the physical world. • Production plants, cars, wheel chairs, … • Extremely attractive target for attacks. IoT business cases often rely on cheap devices. • Low-end devices make communication security difficult. • Often no remote patching or upgrade facility. • Mobile M2M tariffs are counted by the KB, SSL/VPN overhead unwanted. © Cumulocity GmbH 2014
What common myths are there? Actual issues are no surprise to security experts, but … • They are not viewed from the context of IoT. • They are misunderstood even by renowned publishers. © Cumulocity GmbH 2014
© Cumulocity GmbH 2014 IPSO Power Control c’t 09/13, p.98 Myth #1: The “thing” must be a server
Myth #1: The “thing” must be a server © Cumulocity GmbH 2014 Device is Server Device is Client Security Very High Risk No open port => lower Optimal for Actuators Sensors Data sharing By device (not in mobile!) By server Data Access & Scaling Difficult to impossible Easy and cheap Addressing Static IP Dynamic & Private IP Consequence Requires VPN Requires Device Push
Myth #2: A VPN solution is enough for security © Cumulocity GmbH 2014
Myth #2: A VPN solution is enough for security • Industrial-level attacks often come from insiders – IoT is just a new dimension. • IoT devices are often unattended and a VPN setup may be used as entry point into the corporate network. • Mobile IoT devices can be still attacked through SMS (reconfiguration, redirection, DoS). • VPN causes expensive overhead on mobile, customers complain about an extra 10-90 MB of traffic per month. © Cumulocity GmbH 2014
Myth #3: My protocol is better! © Cumulocity GmbH 2014
What you can do! Translate your security practices to the IoT world. I.e., • Check physical security. – USB/serial/LAN ports on devices in public places? – Tamper sensors included? • Check network security. – Switch off SMS on the device or use a secure SMS service. – Switch off local/web element managers. – Replace standard/static passwords. • Check application security. – Validate device protocol. Use device only as client to a secure IoT service with individual credentials. © Cumulocity GmbH 2014
What you can do! Don’t reinvent the wheel, pick an IoT middleware … © Cumulocity GmbH 2014 https://cumulocity.com

More Related Content

PDF
Internet of Things
cumulocity
 
PPTX
Internet of things basics
cumulocity
 
PDF
Top 10 reasons your IoT project will fail
Yodit Stanton
 
PDF
Iot 1906 - approaches for building applications with the IBM IoT cloud
PeterNiblett
 
PPTX
Dynamic Software Defined Network Infrastructure Test Bed at Marist College
ADVA
 
PDF
“Machine Learning for the Real World: What is Acceptable Accuracy, and How Ca...
Edge AI and Vision Alliance
 
PDF
People Counting: Internet of Things in Motion at JavaOne 2013
Eurotech
 
PDF
Session 1908 connecting devices to the IBM IoT Cloud
PeterNiblett
 
Internet of Things
cumulocity
 
Internet of things basics
cumulocity
 
Top 10 reasons your IoT project will fail
Yodit Stanton
 
Iot 1906 - approaches for building applications with the IBM IoT cloud
PeterNiblett
 
Dynamic Software Defined Network Infrastructure Test Bed at Marist College
ADVA
 
“Machine Learning for the Real World: What is Acceptable Accuracy, and How Ca...
Edge AI and Vision Alliance
 
People Counting: Internet of Things in Motion at JavaOne 2013
Eurotech
 
Session 1908 connecting devices to the IBM IoT Cloud
PeterNiblett
 

What's hot (20)

PDF
Foster your business with the cloud - Webinar for MSPs
Manuel Daza
 
PDF
M2M Scenario
Martin Gutberlet
 
PDF
IBM_BHTelecom_Cloud_Orchestrator
Adnan Hantalasevic
 
PDF
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Eurotech
 
PDF
Real World IoT Architecture Use Cases
Eurotech
 
PPT
Gen-i: Business Continuity considering reputation, security and virtualisation
Vincent Kwon
 
PDF
OSGi and Java in Industrial IoT
Eurotech
 
PDF
Carousel Industries
gueste845fd
 
PDF
Simplify Internet of Things with an Intelligent Gateway
Eurotech
 
PDF
Ibm ai in cognitive era
Mike Chang
 
PDF
Developing Interoperable Components for an Open IoT Foundation
Eurotech
 
PDF
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
Eurotech
 
PPTX
Siyavuyisa Township Networks 2011
siyavuyisa
 
PPTX
The Rise of Communications-as-a-Service (CaaS)
Roberto Moctezuma
 
PDF
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Eurotech
 
PDF
Internet of Things
Peter Tutty
 
PDF
IBM Global Technology Services
Ana Alves Sequeira
 
PDF
Intimate Things: How Wearables Are Changing The Internet of Things
Paul Brody
 
PDF
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
IDATE DigiWorld
 
PPTX
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
Brandon Jones
 
Foster your business with the cloud - Webinar for MSPs
Manuel Daza
 
M2M Scenario
Martin Gutberlet
 
IBM_BHTelecom_Cloud_Orchestrator
Adnan Hantalasevic
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Eurotech
 
Real World IoT Architecture Use Cases
Eurotech
 
Gen-i: Business Continuity considering reputation, security and virtualisation
Vincent Kwon
 
OSGi and Java in Industrial IoT
Eurotech
 
Carousel Industries
gueste845fd
 
Simplify Internet of Things with an Intelligent Gateway
Eurotech
 
Ibm ai in cognitive era
Mike Chang
 
Developing Interoperable Components for an Open IoT Foundation
Eurotech
 
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
Eurotech
 
Siyavuyisa Township Networks 2011
siyavuyisa
 
The Rise of Communications-as-a-Service (CaaS)
Roberto Moctezuma
 
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Eurotech
 
Internet of Things
Peter Tutty
 
IBM Global Technology Services
Ana Alves Sequeira
 
Intimate Things: How Wearables Are Changing The Internet of Things
Paul Brody
 
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
IDATE DigiWorld
 
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
Brandon Jones
 
Ad

Similar to Debunking IoT Security Myths (20)

PPTX
IoT security
YashKesharwani2
 
PDF
IoT – Breaking Bad
NUS-ISS
 
PDF
The Internet of Things – Good, Bad or Just Plain Ugly?
Yasmin AbdelAziz
 
PDF
iot-bringing-trust-to-iot[1]
Haider Iqbal
 
PDF
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET Journal
 
PDF
IoT and the implications on business IT architecture and security
DeniseFerniza
 
PDF
Security in IoT
SKS
 
PDF
Y20151003 IoT 資訊安全_趨勢科技分享
m12016changTIIMP
 
PDF
Internet of Things Security Patterns
Mark Benson
 
PDF
Internet of Things - A Different Kind of Scary v2
FitCEO, Inc. (FCI)
 
PDF
Cybersecurity in the Age of IoT - Skillmine
Skillmine Technology Consulting
 
PPTX
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Security Innovation
 
PDF
Kijiji 160616
Carlos Chalico
 
PPTX
Spirent: The Internet of Things: The Expanded Security Perimeter
Sailaja Tennati
 
PPTX
A Wake-Up Call for IoT
Ahmed Banafa
 
PPTX
Not IN Cybersecurity Connectivity,Cloud Platforms,Security.pptx
PratimanChoubey
 
PDF
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
online Marketing
 
PPTX
ISSA-UK - Securing the Internet of Things - CIO Seminar 13 May 2014
Adrian Wright
 
DOCX
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
vrickens
 
PDF
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
TransUnion
 
IoT security
YashKesharwani2
 
IoT – Breaking Bad
NUS-ISS
 
The Internet of Things – Good, Bad or Just Plain Ugly?
Yasmin AbdelAziz
 
iot-bringing-trust-to-iot[1]
Haider Iqbal
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET Journal
 
IoT and the implications on business IT architecture and security
DeniseFerniza
 
Security in IoT
SKS
 
Y20151003 IoT 資訊安全_趨勢科技分享
m12016changTIIMP
 
Internet of Things Security Patterns
Mark Benson
 
Internet of Things - A Different Kind of Scary v2
FitCEO, Inc. (FCI)
 
Cybersecurity in the Age of IoT - Skillmine
Skillmine Technology Consulting
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Security Innovation
 
Kijiji 160616
Carlos Chalico
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Sailaja Tennati
 
A Wake-Up Call for IoT
Ahmed Banafa
 
Not IN Cybersecurity Connectivity,Cloud Platforms,Security.pptx
PratimanChoubey
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
online Marketing
 
ISSA-UK - Securing the Internet of Things - CIO Seminar 13 May 2014
Adrian Wright
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
vrickens
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
TransUnion
 
Ad

Recently uploaded (20)

PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Approach and Philosophy of On baking technology
30anthuong17
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
KodekX | Application Modernization Development
KodekX
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Encapsulation theory and applications.pdf
gurumoop
 

Debunking IoT Security Myths

  • 1. Debunking IoT Security Myths © Cumulocity GmbH 2014 André Eickler
  • 2. Overview • What is Cumulocity? • What is the Internet of Things (IoT)? • What security challenges are there? • What common myths are there? • What you can do! © Cumulocity GmbH 2014
  • 3. What is Cumulocity? Where do we come from? • Started 2010 as Nokia Networks product line. • Independent company since 2012. • Originally targeted to the very security-aware telco industry. What do we do? • Cloud service to fundamentally reduce the complexity of deploying Internet of Things solutions. • Pay-as-you-grow starting from €1/device/month. © Cumulocity GmbH 2014
  • 4. What is Cumulocity? © Cumulocity GmbH 2014
  • 5. What is the Internet of Things? Asset + Device + Application © Cumulocity GmbH 2014
  • 6. What security challenges are there? IoT devices are where your assets are. • Limited physical control over device and network connection. • “Data center distributed all over the country.” IoT devices are extremely heterogeneous. • Little standardization, thousands of manufacturers and platforms. • “BYOD to the max.” IoT devices come in billions. • … at least if the analysts are right. • Great target for dDoS. © Cumulocity GmbH 2014
  • 7. What security challenges are there? IoT devices may control the physical world. • Production plants, cars, wheel chairs, … • Extremely attractive target for attacks. IoT business cases often rely on cheap devices. • Low-end devices make communication security difficult. • Often no remote patching or upgrade facility. • Mobile M2M tariffs are counted by the KB, SSL/VPN overhead unwanted. © Cumulocity GmbH 2014
  • 8. What common myths are there? Actual issues are no surprise to security experts, but … • They are not viewed from the context of IoT. • They are misunderstood even by renowned publishers. © Cumulocity GmbH 2014
  • 9. © Cumulocity GmbH 2014 IPSO Power Control c’t 09/13, p.98 Myth #1: The “thing” must be a server
  • 10. Myth #1: The “thing” must be a server © Cumulocity GmbH 2014 Device is Server Device is Client Security Very High Risk No open port => lower Optimal for Actuators Sensors Data sharing By device (not in mobile!) By server Data Access & Scaling Difficult to impossible Easy and cheap Addressing Static IP Dynamic & Private IP Consequence Requires VPN Requires Device Push
  • 11. Myth #2: A VPN solution is enough for security © Cumulocity GmbH 2014
  • 12. Myth #2: A VPN solution is enough for security • Industrial-level attacks often come from insiders – IoT is just a new dimension. • IoT devices are often unattended and a VPN setup may be used as entry point into the corporate network. • Mobile IoT devices can be still attacked through SMS (reconfiguration, redirection, DoS). • VPN causes expensive overhead on mobile, customers complain about an extra 10-90 MB of traffic per month. © Cumulocity GmbH 2014
  • 13. Myth #3: My protocol is better! © Cumulocity GmbH 2014
  • 14. What you can do! Translate your security practices to the IoT world. I.e., • Check physical security. – USB/serial/LAN ports on devices in public places? – Tamper sensors included? • Check network security. – Switch off SMS on the device or use a secure SMS service. – Switch off local/web element managers. – Replace standard/static passwords. • Check application security. – Validate device protocol. Use device only as client to a secure IoT service with individual credentials. © Cumulocity GmbH 2014
  • 15. What you can do! Don’t reinvent the wheel, pick an IoT middleware … © Cumulocity GmbH 2014 https://cumulocity.com