The term IoT security is now become a ubiquitous term to expose vulnerability of tens of billions of things that have sensing capabilities, connected with each other through Internet. The Internet of Things exposure includes everything of our daily routine life usable, smart home appliances, factory control units, medical equipments and even automobiles. Gartner estimates that there will be around 20.4 billion interconnected gadgets by the year 2020 .
In October 21, 2016, The “ Mirai” malware infected the networked devices because of less security levels , it accessed insecure devices through opened telnet ports over the internet , then tried to log in with device’s default passwords. Thousands of infected interconnected units had lost their directed traffic and got violent, which caused heavy load on ISPs servers. Many high-traffic websites including Twitter and CNN were inaccessible for many hours. That was due to the distributed denial of service (“DDoS”) attack.
The attackers can compromise with any of the following areas :
Local devices ecosystem access , as every internet enabled thing is interconnected with another .
Taking web console
Taking admin control with default password
Injecting virus in idle device memory
Taking control of weak vendor back end APIs
Through mobile apps .
Spoofing on network interfaces
Through Cloud .
The first and must step is to secure Internet things right away just after the acquiring them, because the contrivance which is not properly secure may be exploited within minutes after being connected with the network. To do this, visit the manufacturer’s website and download latest security patches. Second important thing is to change default password with the secure one that must meet with the complexity requirements as well, before start using the device.
Update the firmware and patches whenever available as it may also be vulnerable if not regularly updated and patched. Make plan to Invest in any security software , such as Google Cloud IoT Core, to stop malware traffic . we can have any autonomous security operations platform which uses artificial intelligence (AI) and machine learning (ML) to identify malware and other security concerns.
Keep disconnected insecure cog, we must replace the insecure with secure models. The devices that needs administrator password to keep and maintain the security levels, may be exploited. Similarly turn off gadgets when not in use, the memory of idle devices can be compromised.
Protect the parent network, the Wi-Fi routers and access points. It is very important as things keep connected with the Wi-Fi networks as on regular basis .Secure the Wi-Fi’s by means of filtering Ports, IP and Hardware address and default built-in application.
Subnet the network by creating guest networks or set the routers or firewalls so that the IP address of the device is denied from outside the local network. Doing this, every widget will be inaccessible with the home or office’s private network. If access is required through public Wi-Fi network, create private internet access connection and use anti-virus and IDS to protect Internet of things.
Every enterprise should have a comprehensive BYOD policy or prohibit personal from connecting to the private network but with least limit to guest network.
Track and assess the traffic flow, businesses need to track and monitor everything connected to the network.