10 IoT Security Best Practices For IT Pros


IT professionals have to treat internet of things (IoT) vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network. When everything is connected, security is only as strong as the weakest node on the network.

The Internet Crime Complaint Center (IC3), a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, issued a warning in September 2015 about the risks posed by internet of things (IoT) devices.

"As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors," the IC3 alert said. "The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats."

From a statistical standpoint, the warning may seem premature, because IoT devices haven't been implicated in major breaches. As Verizon noted in its 2016 Data Breach Investigations Report (DBIR):

"For those looking for proclamations about this being the year that mobile attacks bring us to our knees or that the Internet of Things (IoT) is coming to kill us all, you will be disappointed. We still do not have significant real-world data on these technologies as the vector of attack on organizations."

We do have real-world proofs-of-concept. Cyber-security researchers Charlie Miller and Chris Valasek last year remotely hacked a moving Jeep Cherokee and sent it into a ditch. The pair have more recently demonstrated that hijacking a moving Jeep is still possible, though this time they were inside the vehicle.

Also last year, security researcher Maxim Rupp identified two vulnerabilities in Honeywell's Midas gas detector, a device used in semiconductor processing and industrial manufacturing. Researchers have identified many other holes in IoT security.

The potential impact of these flaws may prompt fears. The idea that a hacker might cause you to crash your car is frightening. But there's not much money in pursuing that sort of exploitation, and hackers tend to be motivated by the desire for financial gain. According to Verizon's 2016 DBIR, 89% of breaches had a financial or espionage motive.

Yet, those working in information technology have to treat IoT vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network.

When everything is connected, security is only as strong as the weakest node on the network. A compromised home router, for example, could betray credentials necessary to penetrate workplace systems.

Pen Test Partners, a company offering penetration testing and security services, offers best practices for IoT device-makers, app developers, and IoT supply chain partners to consider. So do Microsoft and the Federal Trade Commission. whiteCryption has some recommendations too.

Anyone dealing with IoT software or hardware would also do well to review the OWASP Top 10 IoT Vulnerabilities.

What follow are 10 tips IT professionals should consider when designing and implementing internet-connected devices.
