IoT Cyber security, Ways To Help Secure Your Application
The Internet of Things (IoT) is the network of physical objects accessed through the Internet that can identify themselves to other devices and use embedded technology to interact with internal states or external conditions. The IoT is an environment where an object that can represent itself becomes greater by connecting to surrounding objects and the extensive data flowing around it.
When we talk about interconnection, we usually think in terms of computers, tablets and smartphones. IoT describes a world where just about anything can be connected and communicate in a “smart mode” by combining simple data to produce usable intelligence. With the IoT, the physical world is becoming one big information system with an ultimate goal of improving quality of life and empowering new business models.
However, this also means that more personal information and business data will exist in the cloud and be passed back and forth through thousands of devices that may have exploitable vulnerabilities. One weak link in the security chain could provide hackers with nearly limitless doorways that could potentially be unlocked and lead them to data.
In October 2016, the Internet of Things was at the center of one of the largest distributed denial of service (DDoS) attacks. A botnet called Mirai hacked IoT devices and then used those devices to send an unprecedented number of traffic requests to Dyn, a large DNS provider. This increase in traffic caused Dyn to go offline, and subsequently knocked a number of its noteworthy customers offline as well—including Amazon, Twitter, and PayPal.
Privacy is a serious concern not just in the IoT, but in all the applications, devices or systems where we share information. Even when users take precautions to secure their information, there are conditions that are beyond their control. Hackers can now craft attacks with unprecedented sophistication and correlate information not just from public networks, but also from different private sources, such as cars, smartphones, home automation systems and even refrigerators.
While there have been numerous high-profile IoT-related cyber attacks over the last several years, the Dyn attack demonstrates the importance of IoT cybersecurity.
Currently, more things are connected to the Internet than people, according to an infographic from Cisco. It goes on to say that 25 billion devices are expected to be connected by 2015 and 50 billion are slated to connect by 2020. In this quickly evolving world, all the things that connect to the Internet are exponentially expanding the attack surface for hackers and enemies. A recent study showed that 70 percent of IoT devices contain serious vulnerabilities. There is undeniable evidence that our dependence on interconnected technology is defeating our ability to secure it.
Here are a few ways you can secure your own application from IoT breaches:
1. Don’t provision your IoT devices with default usernames and passwords.
A large majority of IoT cyber threats can be avoided by following this one simple rule. Here’s why: A lot of common IoT devices (like many smart thermostats and security cameras) are Linux-based, and many are shipped out with default usernames and passwords for SSH connections. If your customer puts one of these devices on their network, it becomes a very easy target. The Mirai attack specifically searched out devices with this very trait. Tools like Shodan and Nmap make it easy for hackers to write a script that finds these devices and tests the default password, paving the way for a large-scale attack using botnets.
2. Don’t use an SSH (Secure Socket Shell) connection, if possible.
Many IoT applications run Linux, and most Linux systems enable SSH by default. That means the device is “listening” to port 22 for anyone who wants to connect to it via SSH. If your application does not require that you use SSH, be certain it’s disabled—because it’s a major IoT cybersecurity vulnerability.
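For devices that do have to keep SSH, a build-time check on the firmware image can confirm that a factory password is not reachable over it. The following is an added example, not code from the original article: it resolves three OpenSSH keywords the way sshd does (first value wins, keywords are case-insensitive) and assumes OpenSSH 7.0 or later defaults; the sample configurations and function names are constructed for illustration.

```python
import re

# Effective OpenSSH values when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}

def effective_settings(config_text):
    """Return the audited keywords as sshd would resolve them (global section)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*[=\s]\s*(\S+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).lower()
        if key == "match":
            break  # conditional Match blocks are out of scope for this check
        seen.setdefault(key, value)  # sshd keeps the first value it reads
    return {k: seen.get(k, DEFAULTS[k]) for k in DEFAULTS}

def audit(config_text):
    """List the keywords that leave password guessing over SSH possible."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin")
    if s["permitemptypasswords"] == "yes":
        findings.append("PermitEmptyPasswords")
    return findings

# Constructed samples, not taken from any real product.
FACTORY_IMAGE = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""
HARDENED_IMAGE = """\
PasswordAuthentication no
PermitRootLogin prohibit-password
passwordauthentication yes
"""

if __name__ == "__main__":
    print(audit(FACTORY_IMAGE))
    print(audit(HARDENED_IMAGE))
```

The commented-out line in the factory sample shows why absent keywords must be resolved to their defaults: password login stays enabled unless it is explicitly turned off.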
3. Limit your application’s exposure to IP-based networks, if possible.
Chances are good that if someone tries to hack your IoT device, they’ll do so using an online, script-based attack. It’s much rarer for a device to be hacked physically by a bad actor in the same room. Limit your application’s exposure to IP networks if you’re able.
Your connectivity provider may be able to help. Symphony Link, for example, doesn’t have IP-based communication from the end-node to the gateway, so there’s no network-based vulnerability that can attack that link. Even if a hacker were able to gain access to, say, a Symphony Link-connected smart water meter, there would be nothing said hacker could do to exploit the connection into the upstream IP network.
4. Create a VPN tunnel into your backend network.
Enable your devices to create a virtual private network (VPN) tunnel for secure communication. The best way to do this with cellular IoT is to negotiate with your carrier to add your devices to their private network, with a VPN tunnel directly to your backend. The result: There’s no way for any traffic to or from your devices to get to the internet. This is called virtual air-gapping.
5. Whitelist certain IPs and domain names.
Consider allowing only a select list of IP addresses or domain names to send traffic to your devices as a form of firewall protection. This can help prevent rogue connections. Keep in mind that if your device is hacked, it may be possible for the hacker to remove the IP and domain blocks you have in place—but this is still a good precautionary step.
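A default-deny allowlist check for incoming peers might look like the following. This is an added example, not code from the original article: the allowlisted ranges are constructed from the reserved documentation prefixes, the function names are hypothetical, and domain-name entries are assumed to have been resolved to addresses beforehand. It also handles IPv4-mapped IPv6 peers, which a dual-stack listener reports for IPv4 clients and which a naive comparison would reject.

```python
import ipaddress

# Constructed allowlist using documentation ranges (RFC 5737, RFC 3849),
# standing in for the backend hosts permitted to talk to the device.
ALLOWED = [
    ipaddress.ip_network("203.0.113.0/28"),
    ipaddress.ip_network("2001:db8:10::/64"),
]

def is_allowed(peer, allowed=ALLOWED):
    """Return True only if peer is a valid address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # hostnames and malformed input are denied, not resolved
    # A dual-stack socket reports IPv4 clients as ::ffff:a.b.c.d;
    # unwrap so the IPv4 entries in the allowlist still apply.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in allowed)

def decide(peers, allowed=ALLOWED):
    """Map each peer string to 'accept' or 'drop' (default deny)."""
    return {p: ("accept" if is_allowed(p, allowed) else "drop") for p in peers}

# Constructed connection attempts.
SAMPLE_PEERS = [
    "203.0.113.5",           # inside the /28
    "203.0.113.16",          # first address outside the /28
    "::ffff:203.0.113.5",    # same backend host seen through a dual-stack socket
    "2001:db8:10::1",        # inside the IPv6 range
    "2001:db8:11::1",        # neighbouring prefix, not listed
    "backend.example.com",   # name, not an address
]

if __name__ == "__main__":
    for peer, verdict in decide(SAMPLE_PEERS).items():
        print(f"{peer:24} {verdict}")
```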