How to keep your IoT devices secure
Investment in the Internet of Things (IoT) is booming. By 2027 it’s predicted that there will be around 30 billion IoT devices globally, double the number from 2022. IoT isn’t new but its growing popularity is down to companies being able to automate processes and reduce labor costs during a time when operational spend is at its greatest.
All great stuff, but on the flip side, the more interconnected your environment, the greater the attack surface for cyber gangs to compromise. Each connected IoT device offers possible entry points for hackers and malicious threat actors, through misconfigurations and other unpatched errors. Just last month Microsoft uncovered instances of cryptojacking through affected Linux-based IoT devices, an online threat that embeds itself within a device and uses its resources to mine cryptocurrency, also known as cryptomining.
Nor are attacks against Linux systems the only vulnerabilities being exploited. Today, instead of developing custom Linux kernels for IoT devices, manufacturers are saving development time and costs by using commercial off-the-shelf (COTS) operating systems designed especially for IoT and other low-resource systems, such as Windows Embedded and Windows IoT, a minimal version of regular Windows operating systems. Indeed, today, the vast majority of new healthcare IoT systems, including hospital medical devices, run on Windows Embedded or Windows IoT.
Richard Staynings is Chief Security Strategist at Cylera.
Healthcare IoT
IoT by itself would not normally be a problem, but medical and other healthcare IoT systems have a long development, test, and approval period, followed in some cases by a 10- or 15-year expected lifespan and amortization schedule. This leads to the wide use in hospitals of technologies that are up to 20 years old, some of which are no longer supported and patched against security vulnerabilities by their creators.
An example of this is broad usage of Windows XP and Windows 7 in their embedded forms across medical devices today. While Microsoft provided extended support for the embedded versions of its operating systems long after retiring…