- physical devices that are equipped with sensors, software, and internet connectivity.
- These devices can collect and exchange data with other devices and systems over the internet or other networks.
- In simpler terms, it’s about everyday objects becoming smart and interconnected.
Internet of Things (IoT)
The term “Internet of Things” is coined by
Kevin Ashton “The Father of IoT” in 1999.
FEW APPLICATIONS OF IOT
- Building and Home automation
- Manufacturing
- Medical and Healthcare Systems
- Media
- Environmental Monitoring
- Infrastructure Management
- Energy Management
- Transportation
- Better quality of life for the Elderly
Examples of IOT
- Smart Home Devices
- SENSORS
- Wearable technologies
- IoT-Enabled Prosthetics
- Personal Medical Devices
- Smart Inhalers
are electronic devices that are physically worn by individuals in order to track, analyze and transmit personal data
Wearable technologies
These devices - such
as FitBit, Nike FuelBand,
or Withings – generally
communicate using
BlueTooth to
nearby personal
mobile devices.
Consumer products for health monitoring
FOUR CATEGORIES OF NETWORKED MEDICAL DEVICES
- Consumer products for health monitoring
- Wearables
- Internally embedded medical devices
- Stationary medical devices
one that can drive itself from a starting point to a predetermined destination in “autopilot” mode using various in-vehicle technologies.
Autonomous Vehicle
a malicious attempt to exploit vulnerabilities in internet-connected devices, such as smart home devices, industrial control systems, and medical devices
IoT Attack
How does an IoT attack
differ from IT attacks?
- Attack surface
- Diversity of devices
- Physical impact
- Legacy devices
- IoT devices are often designed with limited resources and processing power.
- So they may lack security features to protect against attacks, making them more vulnerable to attacks compared to IT.
Attack surface
IoT devices often have longer lifes. Many older devices will be in use and connected. Legacy devices may not receive software updates or security patches, making them more vulnerable.
Legacy devices
The types of IoT devices vary significantly in form factor,operating systems, and network connectivity. So standardized security measures are more complex, leaving some more vulnerable to attacks than
others.
Diversity of devices
IoT devices are often used in critical infrastructure or life-sustaining systems, such as medical devices, which means that an attack on these devices can have severe physical consequences. In contrast, most IT attacks are focused on stealing data or disrupting services.
Physical impact
Challenges faced by IoT
- Scalability
- Security
- Technical Requirements
- Technological Standardization
- Software Complexity
IoT Attacks Examples
- The Mirai Botnet
- Verkada Hack
- Cold in Finland IoT Attack
Common IoT
Vulnerabilities
- Weak, guessable, or hardcoded passwords
- Lack of secure update mechanism
- Insecure Networks
- Insecure or Outdated Components
are among the most frequent methods attackers use to compromise IoT devices. Weak and reused passwords, which are short or easy to guess, are simple for attackers to crack, which they then use to compromise devices and launch large-scale attacks.
Weak, guessable, or hardcoded passwords
make it easy for cyber criminals to exploit weaknesses in the protocols and services that run on IoT devices. Once they have exploited a network, attackers can breach confidential or sensitive data that travels between user devices and the server. Insecure networks are particularly susceptible to man-in-the-middle (MITM) attacks, which aim to steal credentials and authenticate devices as part of broader cyberattacks.
Insecure Networks
Devices with insecure update processes risk installing malicious or unauthorized code, firmware, and software. Corrupt updates can compromise IoT devices, which could be critical for organizations in the energy, healthcare, and industrial sectors.
Lack of secure update mechanism
The IoT ecosystem can be compromised by code and software vulnerabilities and legacy systems. Using insecure or outdated components, such as open-source code or third-party software, can present vulnerabilities that expand an organization’s attack surface.
Insecure or Outdated Components
entails reviewing and restricting the access permissions of smart devices, such as limiting unnecessary access to sensitive data like contacts, thus minimizing potential privacy breaches.
Monitor permissions
involves ensuring that WiFi networks are protected by strong, unique passwords and avoiding connections to unfamiliar or untrusted networks, reducing the risk of unauthorized access.
Use secure networks
involves implementing network security measures, like firewalls, to shield IoT devices from attacks and block unauthorized access to hidden protocols, enhancing overall security posture.
Protect your devices
