Providing greater insight and control over elements in our increasingly connected lives, the Internet of Things (IoT) emerges at a time when threats to our data and systems have never been greater. There is an average of thirteen enterprise security breaches every day, resulting in roughly 10 million records lost a day—or 420,000 every hour.
As new connected devices come to market, security researchers have taken up the cause to expose their vulnerabilities, and make the world aware of the potential harm of connecting devices without proper security.
Security experts Chris Valasek and Charlie Miller grabbed headlines with their research on the vulnerability of connected cars when they hacked into a Toyota Prius and a Ford Escape using a laptop plugged into the vehicle’s diagnostic port. This allowed the team to manipulate the cars headlights, steering, and breaking.
In April 2014, Scott Erven and his team of security researchers released the results of a two-year study on the vulnerability of medical devices. The study revealed major security flaws that could pose serious threats to the health and safety of patients. They found that they could remotely manipulate devices, including those that controlled dosage levels for drug infusion pumps and connected defibrillators.
In 2012, Justin W. Clarke, a security researcher in the San Francisco Bay area, discovered a flaw in hardened grid and router provider RuggedCom’s devices. By decrypting the traffic between an end user and the RuggedCom device, an attacker could launch attacks to compromise the energy grid.
We can sort potential attacks against the Internet of Things into three primary categories based on the target of the attack—attacks against a device, attacks against the communication between devices and masters, and attacks against the masters. To protect end users and their connected devices, we need to address all three of these IoT attacks.
To a potential attacker, a device presents an interesting target for several reasons. First, many of the devices will have an inherent value by the simple nature of their function. A connected security camera, for example, could provide valuable information about the security posture of a given location when compromised.
A common method of attack involves monitoring and altering messages as they are communicated. The volume and sensitivity of data traversing the IoT environment makes these types of attacks especially dangerous, as messages and data could be intercepted, captured, or manipulated while in transit. All of these threats jeopardize the trust in the information and data being transmitted, and the ultimate confidence in the overall infrastructure.
For every device or service in the Internet of Things, there must be a master. The master’s role is to issue and manage devices, as well as facilitate data analysis. Attacks against the masters – including manufacturers, cloud service providers, and IoT solution providers – have the potential to inflict the most amount of harm. These parties will be entrusted with large amounts of data, some of it highly sensitive in nature. This data also has value to the IoT providers because of the analytics, which represent a core, strategic business asset—and a significant competitive vulnerability if exposed.
Dive in to the details of securing the Internet of Things with our comprehensive guidebook, “Building a Trusted Foundation for the Internet of Things.”
Join David Etue, Vice President, Business Development, Identity & Data Protection, for this on-demand webinar, as he discusses the security challenges inherent in IoT, and provides some strategies to mitigate threats.