10 IoT Security Best Practices For IT Pros

...

IT professionals have to treat internet of things (IoT) vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention, for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network. When everything is connected, security is only as strong as the weakest node on the network.

The Internet Crime Complaint Center (IC3), a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, issued a warning in September 2015 about the risks posed by internet of things (IoT) devices.

"As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors," the IC3 alert said. "The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats."

From a statistical standpoint, the warning may seem premature, because IoT devices haven't been implicated in major breaches. As Verizon noted in its 2016 Data Breach Investigations Report (DBIR):

For those looking for proclamations about this being the year that mobile attacks bring us to our knees or that the Internet of Things (IoT) is coming to kill us all, you will be disappointed. We still do not have significant real-world data on these technologies as the vector of attack on organizations.

We do have real-world proofs-of-concept. Cyber-security researchers Charlie Miller and Chris Valasek last year remotely hacked a moving Jeep Cherokee and sent it into ditch. The pair have more recently demonstrated hijacking a moving Jeep is still possible, though this time they were inside the vehicle.

Also last year, security researcher Maxim Rupp identified two vulnerabilities in Honeywell's Midas gas detector, a device used in semiconductor processing and industrial manufacturing. Researchers have identified many other holes in IoT security.

The potential impact of these flaws may prompt fears. The idea that a hacker might cause you to crash your car is frightening. There's not much money in pursuing that sort of exploitation, and hackers tend to be motivated by the desire for financial gain. According to Verizon's 2016 DBIR, 89% of breaches had a financial or espionage motive.

Yet, those working in information technology have to treat IoT vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network.

When everything is connected, security is only as strong as the weakest node on the network. A compromised home router, for example, could betray credentials necessary to penetrate workplace systems.

Pen Test Partners, a company offering penetration testing and security services, offers best practices for IoT device-makers, app developers, and IoT supply chain partners to consider. So do Microsoft and the Federal Trade Commission. whiteCryption has some recommendations too.

Anyone dealing with IoT software or hardware would also do well to review the OWASP Top 10 IoT Vulnerabilities.

What follow are 10 tips IT professionals should consider when designing and implementing internet-connected devices.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Google Kills Chromebook Pixel 2

    With the demise of the Pixel 2, Google is no longer making and selling its own Chromebooks.The Chromebook Pixel 2 is no more.
  • 5300c769af79e

    Amazon Prime Begins Restaurant Deliveries in London

    Put down the pots and pans and step away from the oven: Amazon Prime restaurant delivery is now live in London.Using the Prime Now mobile app, hungry users in select London postcodes can place orders with local restaurants to receive a hot meal in an hour or less.
  • 5300c769af79e

    IBM's Watson Smartens Up iOS Enterprise Apps

    The company has optimized several new technologies to work with the iOS 10 speech framework -- including IBM Natural Language Processing, Watson Conversation and other Watson APIs -- enabling millions of workers who use the MobileFirst technology to control apps with simple voice interactions.The extended relationship with Apple is the most interesting thing that IBM announced at the conference, according to Charles King, principal analyst at Pund-IT.
  • 5300c769af79e

    DEAL: Aukey 16000mAh Quick Charge 3.0 Power Bank is Just $23

    Here are a couple of last minute deals on AUKEY’s Quick Charge-powered products before we jump into the Christmas weekend.Each needs its own coupon code entered at checkout to get the good price, but you can handle that, right?