What does IoT mean? The acronym stands for “Internet of Things,” so we are talking about objects that use a network connection to exchange, collect and/or process information. This classification therefore includes all the objects that surround us in daily life and that have been made “intelligent” thanks to a connection (e.g., smartwatches, cameras, audio and video devices, machinery, appliances, and street lamps).
IoT technology is an enabler of intelligent infrastructures that make higher quality services possible and facilitate the provision of advanced functionalities (such as predictive maintenance). The opportunities arising from the IoT are the frontier of innovation but, as with all technological advancements, along with the opportunities there are also new risks to manage.
Born connected or made connected
It is important to distinguish between objects born as connected devices and objects that become connected in the course of their life. I leave the study of “boomer” objects (i.e., not natively connected) to future articles and start with the “interconnected natives,” underlining how appropriate it is to apply the principle of “Security by Design” immediately, because it will soon be mandatory according to the requirements of the certifications dictated by the application of the Cybersecurity Act. This approach treats device security as a necessary requirement from the foundations of the project, starting from the hardware design and continuing with software development according to strict secure development guidelines, in order to minimize the risk of vulnerabilities that could expose the devices to attacks, with the consequent compromise of the host system. Unfortunately, this type of approach is not yet widespread: for this reason, legislation has been enacted that places obligations on producers and indicates minimum parameters appropriate to the risk, which will be verified by regulatory bodies to provide guarantees to users.
Interconnecting a device that does not have internal security systems to one’s own networks (domestic, corporate, or industrial) exposes us to innumerable risks. Consider, for example, video surveillance cameras: if not properly designed, managed, and maintained as a security tool, they can quickly become an intrusion tool, giving access to images directly to thieves, criminals, or “voyeurs.” This is not a joke: if you take a tour of http://isecam.com, you will see that we are not talking about a “potential” risk but a concrete reality. In fact, already today, it is possible to have access to several thousand cameras that open a window (even in HD) through which you can peek into the lives of others without any effort or particular computer skills. How is it possible? Simple: they were not designed with security by design logic. They came out of the factory with the same default remote access credentials, and no one changed them during installation; consequently, those credentials are known to the whole world and available to anyone.
The most common attacks affecting IoT devices are undoubtedly Denial of Service and Distributed Denial of Service (DoS and DDoS). Let’s look at the definition given to us by the National Cybersecurity Agency: “Cyber attack that aims to compromise the availability of a system by exhaustion of its network resources, processing or memory. In the distributed version (DDoS), the attack comes from a large number of devices and is directed toward a target. Botnets are a tool for conducting a DDoS attack” (Glossary, Computer Security Incident Response Team – Italy). A reflection: if we consider the increasing number of IoT devices present in our lives (many of which lack adequate security measures) and the nature of the attack mentioned above, we can come to a disturbing conclusion: our devices may be, may have been, or will be the tool used by cybercriminals to carry out an attack. In other words: the refrigerator could be used to attack the CIA,
We have seen that all infrastructures and products equipped with sensors are at risk. But which aspects should be evaluated to ensure greater security?
Authentication and password
It is important to set up secure authentication for IoT devices, for example by establishing strong passwords and always changing the default ones (even for routers), since attacks often succeed because a device has no credentials at all or still has the factory ones (widely known on the dark web).
Secure and encrypted connections
Use end-to-end encryption. IoT devices connect, for the most part, wirelessly; it is recommended to use at least WPA2 (Wi-Fi Protected Access 2).
Network segmentation and diversification
It is recommended to manage IoT device traffic separately. This is also recommended for optimal bandwidth management and to ensure greater reliability.
Updates and elimination of obsolete devices
It is essential to update the connected devices to prevent attacks that exploit already known vulnerabilities; if an update is no longer possible, it is recommended to discard the obsolete devices so that they do not become the weak link in our security chain.
The firmware allows our devices to work and to interact with other components. It must always be kept up to date so that it functions correctly and so that any pre-existing “flaws” are covered.
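The four checks above (credentials, wireless security, segmentation, updates) can be run as a periodic audit of a device inventory. The following is an added example, not part of the original article: the inventory, device names, addresses, versions and the 192.168.50.0/24 IoT segment are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: hypothetical devices, addresses and versions.
IOT_SUBNET = ipaddress.ip_network("192.168.50.0/24")  # assumed dedicated IoT segment
WIFI_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}

INVENTORY = [
    {"name": "camera-garage", "ip": "192.168.1.23", "default_credentials": True,
     "wifi": "wpa2", "firmware": "1.0.4", "latest": "1.2.0", "vendor_supported": True},
    {"name": "fridge", "ip": "192.168.50.11", "default_credentials": False,
     "wifi": "wpa", "firmware": "3.1", "latest": "3.1", "vendor_supported": True},
    {"name": "thermostat", "ip": "192.168.50.12", "default_credentials": False,
     "wifi": "wpa2", "firmware": "2.0.1", "latest": "2.0.1", "vendor_supported": False},
    {"name": "doorbell", "ip": "192.168.50.13", "default_credentials": False,
     "wifi": "wpa3", "firmware": "5.2.0", "latest": "5.2.0", "vendor_supported": True},
]

def version_tuple(text):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev):
    """Return the findings for one device, one entry per failed check."""
    findings = []
    if dev["default_credentials"]:
        findings.append("factory credentials still in use")
    # Unknown wireless modes are ranked 0, i.e. treated as unprotected.
    if WIFI_RANK.get(dev["wifi"].lower(), 0) < WIFI_RANK["wpa2"]:
        findings.append("wireless security below WPA2")
    if ipaddress.ip_address(dev["ip"]) not in IOT_SUBNET:
        findings.append("not on the dedicated IoT segment")
    if not dev["vendor_supported"]:
        findings.append("no longer updatable: plan replacement")
    elif version_tuple(dev["firmware"]) < version_tuple(dev["latest"]):
        findings.append("firmware update pending")
    return findings

def audit(inventory):
    """Map device name -> findings, listing only devices that fail a check."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev)
        if findings:
            report[dev["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: " + "; ".join(findings))
```
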
IoT technology is destined to be more and more pervasive in our lives, not only from a personal point of view but above all for the business of companies, which increasingly focus on the power of data. Many researchers estimate that IoT devices will reach 30 billion by 2025. However, we must always keep in mind that evolution also involves security risks. What to do?
- If you are an end user, when you buy an IoT object do not base the decision only on price, color, and core functionality; also check the security features. To go back to the examples: in addition to checking who your children chat with, also check who your refrigerator is connecting to … and if you buy IP cameras, ask yourself whether a few tens of euros saved are worth a worldwide direct stream of your bedroom?!
- If you are a producer, remember that knowledge is the first step towards a safer and more informed technological approach. An aware market will be able to reward products that also offer better cybersecurity, a feature that in the coming years will be not only a compliance constraint but an important element of competitiveness for leadership… do not miss the train!