The growing network of Internet-connected devices and sensors. It collects and transmits enormous benefits to consumers and industry. Our world tends to move towards the Internet-enabled devices with sensors producing a multitude of data. On the pro-side, it enhances the businesses efficiently, as much information is available for big data analysis. Every sector is eager to incorporate IoT devices into their existing networks. By 2020, it would include over 20 billion devices. It revolutionalizes the way we think and interact with technology and has a great impact on our lives on a daily basis.
On the contrary, it has attracted hackers to tap into various products and leverage them for nefarious purposes.
- Hard-coded passwords
- Not patchable
- Security weak devices leave the rest of the network vulnerable to attack
- Use of IoT devices by bad actors to launch devastating Distributed Denial of Service (DDoS) attacks against particular websites, web-hosting servers, and internet infrastructure providers.
WSJ reveals that in the attack against KrebsOnSecurity and Frech web hosting OVH IP cameras and DVRs used.
All the devices attached to the network like routers, printers can become an entry point for cybercriminals to steal sensitive data or even tamper critical systems.
New guidance report released by ‘The Cloud Security Alliance’s Internet of Things Working Group,' which intends to help device makers design and develop more inherently secure IoT products. The devices lack basic security controls, and are vulnerable, as they are still using default usernames and passwords.
The report specifically lays out 13 considerations for developing “reasonably secure” IoT devices. These includes:
- Secure Development Methodology
- Secure Development and Integration Environment
- Identity Framework and Platform Security Features
- Establish Privacy Protections
- Hardware Security Engineering
- Protect Data
- Secure Associated Apps/Services
- Protect Interfaces/APIs
- Provide Security Update Capability
- Implement Secure Authorization
- Establish Secure Key Management
- Provide Logging Mechanisms
- Perform Security Reviews
The Internet of Things (IoT) Cybersecurity Improvement Act of 2017
(August 02, 2017) Senators introduce cybersecurity bill
U.S. Senators Cory Gardner (R-CO) and Mark R. Warner (D-VA), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-WA) and Steve Daines (R-MT) introduced bipartisan legislation to improve the cyber security of Internet-connected devices and prevent hackers. Among requirements, under the bill terms:
Vendors must ensure devices are patchable
Do not include hard-coded passwords that can't change
Free of known security vulnerabilities