Internet of Things (IoT) technology continues to disrupt both the consumer and enterprise sectors, and as each powerful new use is found its adoption is only expected to grow. But many IoT security risks remain.
The very network connections that drive the IoT are also its greatest liability, opening previously-secure physical infrastructure to remote network-based attack. But with a little bit of insight and with careful planning IoT security technology can be effectively deployed in any organization.
What is IoT?
The Internet of Things is the latest generation of physical infrastructure embedded with Internet connections. Think security cameras that on their own email homeowners motion-detected video clips. Or asset management lockers that notify supervisors when sensitive equipment isn’t returned at the end of a shift.
Why IoT Security Matters
IoT technology is spreading fast. The Gartner research firm estimates that 8.4 billion IoT devices are in use today worldwide. That figure is expected to more than double by 2020.
The threats against them have increased too. In a few short years IoT attacks have gone from being solely a tool of national intelligence agencies to standard kit for hackers. In fact, one of the largest ‘denial of service’ attacks in Internet history, and the largest cyber-attack of 2016, was perpetrated by novice hackers targeting IoT security cameras, printers, and even baby monitors. Using a network of these infected devices the attackers were able to disrupt Internet service for much of the eastern United States.
Today there are even publicly available IoT device ‘search engines’ that let anyone, security professionals and hackers alike, find devices anywhere in the world. Threats to physical infrastructure no longer come through the front or back door, they now can come from another hemisphere.
What’s on the IoT Horizon?
Adding even greater potential, the Internet of Things is about to go outdoors as Narrow Band wireless technology (NB-IoT) hits the enterprise security market. NB-IoT piggybacks on existing cellular networks, so anywhere there’s cellphone service soon a whole new generation of IoT devices will be able to go online.
3 IoT Hacking Techniques to Beware of
The IoT is powerful but it creates an overlap between our physical and network security environments that can be exploited. This is particularly important to consider as businesses deploy more and more IoT systems within their own physical security infrastructure. Deployed improperly these security systems can become vulnerabilities themselves.
If your business uses or plans to use IoT systems it pays to know the tactics hackers might use to target them.
A hacker can position a ‘skimming’ device near one of your IoT assets to wirelessly copy data. This could include copying smart card or fob access credentials, or sensitive data directly off IoT security cameras, printers, or other infrastructure.
Possible Solution: Attackers and their tools need to be separated from your assets. You can require guests in your facility to deposit unapproved equipment beyond your perimeters in secure asset lockers. Or adjust access control measures at your perimeters.
Eavesdropping attacks to intercept sensitive communication used to only take place over the Internet. Now attackers can position scanning devices physically next to IoT infrastructure on site to do the same. This could include lifting access control data at your perimeter. Or sensitive data directly from wirelessly-enabled data mobile devices or laptops.
Possible Solution: Controlling the movement of assets and people alike is key here. A real time indoor positioning system could be used to track access keys, assets, or personnel within your facility, depending on your specific needs. Or secure your own idle electronics in asset lockers.
3) Relay Attacks
IoT technology enables organized teams of hackers to carry out sophisticated relay attacks. For example, if an employee is off-site with their access card or fob, one attacker can skim their credential data. A second attacker on site at your facility can receive that data and impersonate that employee using a dummy broadcast IoT device to bypass your access control or asset management systems.
Possible Solution: For particularly sensitive assets or keys that can never be exposed to such a threat an exit alert system could be used to notify security personnel to respond to assets approaching your perimeters.
If there weren’t enough indicators already, convergence has become a necessary security approach, as IoT technology has literally converged our physical and network infrastructure.
Going hand-in-hand with such a converged program comes increased communication and security education throughout your organization. IoT technology can turn any employee’s mobile device into a potential threat. Your entire organization needs to be aware of and participate in your security efforts.
And when in doubt, get expert assistance evaluating and deploying new systems. IoT technology is powerful but complex. Making sure it’s used both effectively and securely within your organization can require insight from dedicated experts.
Learn how your organization can leverage powerful new IoT security solutions. Request a demo of any Real Time Networks solution today.
Editor's Note: This post was originally published on March 7, 2017, and has been updated for accuracy and comprehensiveness.