The Internet of Things (IoT Security) has grown exponentially in recent years, has gone from being a stranger to being present in our day-to-day.
Smart devices such as appliances, televisions, thermostats, assistants, and a host of accessories not only make our lives easier. But that continuously captures information, information that is not always adequately secured.
What is a privacy problem in the domestic environment translates into a severe security problem in the industrial environment since these types of devices control production processes or can give access to private areas of the corporate network if they not accurately managed.
Table of Contents
IoT Security -Are these problems severe?
According to a Symantec study, attacks on IoT Security devices have increased six-fold in recent years. Its novelty, the lack of security that often surrounds such devices and, above all, the massive number of tools and the speed at which they grow, it is estimated that there are more than 20,000 million devices installed, make this type of device a juicy goal.
Also Read: IoT Risks
What can an attacker get with these devices?
The key is its immense number, a botnet of IoT devices can form by hundreds of thousands or even millions of tools that can use in denial of service attacks that seek to interrupt a service based on making a considerable number of requests in a coordinated way. To request an excellent calculation capacity is not necessary, and therefore almost any device can.
A clear example of a denial of service attack with IoT Security was caused by the so-called “Mirai” that infected hundreds of thousands of computers that were used to perform some of the strongest denials of service attacks in history, OVH reported traffic from 1 Tb / s from this botnet in various attacks.
In addition to security problems, these devices have privacy problems, since they take data that, in many cases, can be personal and send them to the cloud — this shipment made in many cases without adequate security. Securing personal data can be interrupted by a third party. In other cases, they can also be blocked by the internet provider, the device provider or even by government agencies.
Related Post: IoT Security Market
How can we protect Ourselves?
Most devices are small miniature computers, and as with any network, the first security measure is to configure the equipment correctly.
The default configuration is one of the most common sources of vulnerability. And it is necessary to adapt the configuration and use strong passwords to avoid leaving too many doors open.
It is necessary to keep the devices updated. It must take into account that any vulnerability detected that not effectively remedied is an open door and that if the device ceases to be supported by the manufacturer. We must replace it and that if we cannot replace it, we will have to find other ways to secure it.
We now enter the main security problem of these types of devices. The number of connections they make to the internet, which often occurs with inadequate security.
These devices are designed with priorities other than security. Usually, in their design process, things like unit cost or battery life take precedence over communications security. Therefore it is essential to review the specifications of the device when selecting it. You have to look for devices that use secure encryption in all your communications. Otherwise, it will be susceptible to being intercepted or monitored. If it is not possible to use a device with secure encryption or we are interested in ensuring an existing deployment, we can always use a VPN to secure communications.
A VPN service will help us encrypt communications between the device and the cloud with strong encryptions. Although we may not be able to find or not compensate for installing a VPN client on each device, it is possible to use the VPN on a router or hub.
Installing the VPN client on a router will ensure that all traffic secured, we can do the same, for example, with a Raspberry Pi device as a sensor hub (e.g., Arduino).
In the case of having many devices connected to the internet, without doing so through a router or a hub, Smart DNS services can be used to circulate traffic through the VPN server, it is not such a secure solution, but it provides an additional level of security.
The Internet of Things is a reality that brings new security problems. A large number of devices that deploy and the little concern in their security make them favorite targets for attacks. Following small safety standards, we will reduce the danger.