Best Practices For Protecting IoT Devices From Security Threats
By Igor Seletskiy
Billions of internet-connected sensors and other devices, comprising the Internet of Things (IoT), now span the world’s manufacturing plants and logistics infrastructure. They enable remarkable efficiency and unprecedented data collection for industrial companies.
However, with so many poorly secured devices in operation, the so-called Industrial IoT (IIoT) exposes manufacturing businesses to high levels of cyber risk.
Manufacturers should understand that a tiny IoT sensor exposes the business to as much risk as a large-scale server in the data center. Once compromised, it can wreak havoc on information systems or serve as a gateway into the network for malicious actors. Security countermeasures are available for the IIoT. This article examines the nature of the IoT security problem and offers some best practices for mitigating the risks.
Why Is There A Lack Of Security In IoT Devices?
IoT devices tend to be poorly secured. The reasons for this are many and varied, but in general, IoT devices are vulnerable because they were not designed for security. They were designed for low cost and simple functionality. They also aren’t managed for security. For example, according to a study conducted by Unit 42 and Palo Alto Networks, a striking 83% of medical imaging devices run unsupported (i.e., insecure) operating systems.
Hackers can easily take over devices by exploiting unpatched vulnerabilities. Indeed, the same study found that 51% of threats for healthcare organizations involve imaging devices. In general, 57% of IoT devices are vulnerable to medium- or high-severity attacks. IoT emerges as the “low-hanging fruit” for malicious actors as they perpetrate their cyberattacks. Compounding these fundamental risks is the reality that nearly all IoT device traffic is unencrypted. With insecure devices carrying confidential information in unencrypted form, attackers can carry out data breaches with relative ease. The IoT further creates risk exposure when its network connects with other data assets. Once an attacker has compromised an IoT device, it’s a small hop to other, more valuable digital prey.
IoT Vulnerabilities For The Last Couple Of Years
The CVE program has recorded a number of serious Common Vulnerabilities and Exposures (CVEs) that affect IoT devices. For example, CVE-2020-11896 could result in remote code execution. By exploiting CVE-2020-11896, a hacker is able to run malware on an IoT device remotely. In an industrial setting, this might mean hijacking equipment that runs automated production systems and even causing physical damage and injury. Another threat, CVE-2020-11897, can cause what is known as an “out-of-bounds write,” in which the device is made to write data past the end of a memory buffer and into adjacent memory. This impairs the device’s functioning. Other threats include CVE-2020-11898, which enables remote code execution, and CVE-2020-11899, which has the potential to expose sensitive information.
Cyberattack Chain On IoT
Exploited in tandem, these four CVEs could allow malicious actors to take over an industrial network by compromising its IoT devices. Once in the network, the attacker would then be able to attempt further unauthorized access to corporate data assets, disrupt computer systems, steal data or implant ransomware. How does an IoT attack start? The cyberattack chain on IoT varies widely due to the huge range of IoT use cases. Sometimes, they’re almost funny, like when a hacker took over a device that monitored a fish tank at a casino in order to penetrate the casino’s network. In general, the patterns tend to be similar. The attacker finds an exploitable vulnerability on a poorly defended device. They implant malware that gives them control of the device’s operating system and are able to install new software on the device. From there, the attacker can enter the corporate network and look for other exploitable situations such as cached system credentials. The attack proceeds then to its mission, which might be a data breach or disruption of systemic activity.
Best Practices For IoT Security
IT managers are devising best practices for IoT security. Segregating the IoT network, for example, can close off attack paths to hackers. Beyond that, IoT security best practices fall into three main categories: encryption, authentication and system updates. Encryption and authentication policies take work to implement, but they are fairly straightforward in nature. One has to deploy encryption tools and make IoT devices subject to the rules configured in an identity and access management (IAM) solution. This can be challenging, given that the IoT device “user” is seldom a human being, but with a little bit of effort, it is possible to add authentication as a security countermeasure for the IoT. The third practice, system updates, is a bit more difficult. Many, if not most, IoT devices run Linux on ARM processors. An update or an installation of a patch to the Linux “kernel,” its operational core, requires the device to be shut down and restarted. This is inconvenient and perhaps even dangerous if the device is responsible for running a piece of equipment.
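The segregation and encryption practices above, together with the “small hop” from a compromised device to other assets described earlier, can be turned into a concrete network check. The script below is an added example, not code from the article or any product it mentions: it audits flow records (source, destination, port), as a NetFlow collector or firewall log would export them, against a policy that says devices in the IoT VLAN may only talk to the telemetry collector over TLS. All addresses, segments and flows are constructed sample values.

```python
"""Audit IIoT flow records against a network segregation policy (added example)."""
import ipaddress
from dataclasses import dataclass

# Constructed sample segments: sensor VLAN and the corporate LAN it must not reach.
IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/16")
CORP_SEGMENT = ipaddress.ip_network("10.10.0.0/16")
# Constructed: the only destination IoT devices may talk to (MQTT over TLS).
ALLOWED = {("10.10.5.20", 8883)}
# Plaintext protocols that leak device data even to an allowed destination.
PLAINTEXT_PORTS = {23: "telnet", 80: "http", 1883: "mqtt"}


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    port: int
    reason: str


def check_flow(src: str, dst: str, port: int):
    """Return a Finding if a flow originating in the IoT segment breaks policy, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in IOT_SEGMENT:
        return None  # flows from other segments are policed elsewhere
    if port in PLAINTEXT_PORTS:
        return Finding(src, dst, port, f"unencrypted {PLAINTEXT_PORTS[port]} from IoT device")
    if (dst, port) in ALLOWED:
        return None
    if d in CORP_SEGMENT:
        return Finding(src, dst, port, "IoT device reaching corporate segment (possible lateral movement)")
    if d not in IOT_SEGMENT:
        return Finding(src, dst, port, "IoT device talking outside the plant network")
    return None  # device-to-device traffic inside the IoT VLAN


def audit(flows):
    """Run check_flow over (src, dst, port) tuples and keep only the violations."""
    return [f for f in (check_flow(*fl) for fl in flows) if f]


# Constructed sample flows; 198.51.100.9 is a documentation address standing in for an external host.
SAMPLE_FLOWS = [
    ("10.50.1.7", "10.10.5.20", 8883),   # sensor -> collector over TLS: allowed
    ("10.50.1.7", "10.10.5.20", 1883),   # same collector, but plaintext MQTT
    ("10.50.1.9", "10.10.2.15", 445),    # camera -> corporate file server: the "small hop"
    ("10.50.1.9", "198.51.100.9", 443),  # camera -> outside the plant network
    ("10.10.2.15", "10.50.1.9", 80),     # corporate host -> IoT: not policed here
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}:{f.port}  {f.reason}")
```

On the sample data the audit reports three of the five flows; the allowed TLS flow and the flow that did not originate in the IoT segment pass.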
The shutdown translates into downtime, which can be hard to find in a busy industrial operation. Waiting for the next maintenance window, which might be weeks away, leaves the organization exposed in the meantime. The restart itself can pose a security risk, because devices may be vulnerable to penetration while they are starting up.
Look for newer solutions that enable Linux patching on ARM devices without needing a restart. These tool sets can help IoT managers keep their devices patched without having to wait for a maintenance window. They can also help avoid the risks of a restart.
The IoT is here to stay, especially in the industrial context. It’s certainly growing, with estimates of future device counts running into the tens of billions. Security on that scale will be a challenge. However, it is possible to achieve a high degree of security by following best practices. These include network segregation, authentication and encryption. In addition, new methods of system updating can help keep the IoT secure without the problems created by system restarts.