Use IoT hardening to secure vulnerable connected devices

/in


IoT and industrial IoT devices are generally designed to be small and low-cost, using the minimum software and resources necessary to perform a single task, usually without human interaction. Security is often an afterthought. The lack of built-in security in many IoT and IIoT devices puts everyone and everything at risk — from individuals and businesses to critical infrastructures and government agencies.

As a result, many organizations have deployed IoT devices without fully understanding their weaknesses and the effect those vulnerabilities might pose on overall network security. Consumers, meantime, either lack the knowledge or the motivation to change default passwords and settings before connecting IoT devices to their networks. They’re also likely to be unaware if their device has been hacked; a successful attack is unlikely to noticeably degrade performance or service.

Absent IoT hardening, IoT attacks can yield severe repercussions. The 2016 Mirai botnet DDoS attack, for example, affected more than 600,000 IoT devices, among them routers and IP cameras, and took down dozens of major internet sites, including Amazon, Netflix and Airbnb. More troubling was the 2015 investigation that illustrated how easy it was for hackers to take over a Jeep’s controls even as its driver sped 70 mph on a St. Louis highway.

Top IoT device security weaknesses

Organizations need to harden IoT devices and the platform they run on to avoid having their devices infected, hijacked and used in a cyber attack. Without the proper IoT hardening, IoT devices are prone to the following weaknesses:

  • Absence of device authentication. Without authentication, unauthorized devices can access a network and act as an attack entry point.
  • Lack of visibility. Without authentication or a unique identifier, it is difficult to track, monitor and manage IoT devices.
  • Embedded passwords. While default or hardcoded passwords can make installation and remote access simpler, it also makes access easier for hackers.
  • Patching and upgrading. There are often no easy means to patch or upgrade software running on IoT devices, leaving devices with known vulnerabilities exposed to hackers.
  • Physical access. IoT…

Source…