21 Sep, 2020

Exposing Security Weaknesses Of Your IoT Devices

by nVisium

As a modernized society, we have come to rely on the Internet of Things (IoT) for everything from turning our lights on and off, regulating temperature, and self-driving to a specific address, to reporting glucose levels to the doctor or delivering a drone strike to a military target. Done correctly, IoT is an effective means to improve our very existence, but when a single vulnerability is exploited by a cybercriminal, it can lead to damage that ranges from the trivial (e.g., nuisance behavior) to the extreme (e.g., theft, destruction or even death).

IoT Devices Become Ubiquitous

You may already know that IoT stands for Internet of Things and that it describes a device that is internet-connected in order to execute a specific function and communicate its status. What most people overlook is that there isn’t just one type of IoT. A SecurityToday article titled “The IoT Rundown For 2020: Stats, Risks, and Solutions” identifies five types of IoT today:

  • “Consumer IoT—such as light fixtures, home appliances, and voice assistance for the elderly.
  • Commercial IoT—applications of IoT in the healthcare and transport industries, such as smart pacemakers, monitoring systems, and vehicle to vehicle communication (V2V).
  • Industrial Internet of Things (IIoT)—includes digital control systems, statistical evaluation, smart agriculture, and industrial big data.
  • Infrastructure IoT—enables the connectivity of smart cities through the use of infrastructure sensors, management systems, and user-friendly user apps.
  • Military Things (IoMT)—application of IoT technologies in the military field, such as robots for surveillance and human-wearable biometrics for combat.”

The current statistics for IoT deployment are staggering. The previously mentioned SecurityToday article goes on to report:

  • “In 2018—there were 7 billion IoT devices
  • In 2019—the number of active IoT devices reached 26.66 billion
  • Every second—127 new IoT devices are connected to the web
  • During 2020—experts estimate the installation of 31 billion IoT devices
  • By 2021—35 billion IoT devices will be installed worldwide
  • By 2025—more than 75 billion IoT devices will be connected to the web”

So, it should be no surprise that these billions of devices also open up billions of new security vulnerabilities to be exploited by cybercriminals.

Exposing IoT Security Weaknesses

Ultimately, to fully protect your IoT strategy, you will need to assess your full connected stack, from the hardware, firmware, operating system, and software to the network protocols, web services, and cloud infrastructure they interact with. The items that should be assessed include:

  • Secure communications
  • Memory corruption
  • Management interfaces
  • Usage of platform-security protections
  • Data storage and persistence
  • Cryptographic analysis
  • Protocol-level analysis
  • System update mechanism
  • Local and remote authentication
  • Authorization and access control
  • Backend application and infrastructure security
  • Mobile application integration

So, you can see that IoT presents unique challenges for securing smart devices and connected products. The sheer number of types and volume of deployment alone can be mind-blowing. Weigh that against all of your other DevSecOps priorities and you will probably come to the conclusion that talking with an experienced partner would be a great first step.

IoT Security Assessments Made Simple

We have blogged before on how to accommodate DevSec for IoT, so you should check that out to expand your research if you haven’t read it already. Once you’ve caught up on that, you will be ready to see how IoT assessments can further protect your security posture.

nVisium empowers organizations to eliminate application and cloud security vulnerabilities before cyber threats exploit them with proven in-depth security assessments, remediation and training programs. Our experienced team of security-savvy developers and engineers guides organizations to build best practices with high ROI into their engineering and development lifecycles across applications, operating systems, networks, mobile, cloud and IoT through services, software solutions and R&D unique to business operations and compliance initiatives. Additionally, nVisium provides a fully managed platform for tracking and measuring performance as well as instructor-led and online training.


Our IoT security assessment methodology includes hardware testing, penetration testing, and static code analysis. The recommendations we provide focus on applying security controls across your stack capable of defending against a sophisticated and persistent adversary. Our IoT assessments identify weaknesses in an entire IoT architecture, including software, hardware, API, and web and mobile components. Give us a call when you start your IoT strategy update or, better yet, schedule a consultation today.
