Babies are the apples of their parents’ eyes. Hence, it’s no surprise that parents will do everything they can to ensure the safety and well-being of their cherubs. They provide healthy diets, comfortable bassinets, and brain-stimulating toys. And they also use the ever-popular baby monitor to always keep their loved ones safe. Or so they think. What if cyber criminals were able to exploit baby monitors to break into your house?
Now, imagine your small- or medium-sized business in a similar situation, but with PCs or server breaches instead. We frequently welcome unsecured Internet of Things (IoT) devices into our lives and this is, literally, every cyber criminal's biggest dream come true.
The Internet of Things, or IoT for short, is considered the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings, and other items that are embedded with electronics, software, sensors, actuators, and network connectivity, and which enable these objects to collect and exchange data. Unlike cyberattacks on computers and mobile devices, IoT attacks have the potential to be life threatening. Recently, researchers demonstrated they could hack a 3D printer and insert malware that allows them to alter the design of various printer parts, thereby creating hidden defects in cars and drones that cause them to crash.
Network-level vs. device-level defense
There are two ways you can protect IoT: you can either secure the device or detect and block attacks at the network-level. But IoT has a major drawback: It can’t inspect encrypted traffic, meaning malicious code can evade traffic inspection by hiding within legitimate traffic. Like in endpoint security, we know that reliable security can be obtained from the device’s software. Basically, network-based protection is good, but not enough.
Diversity is key
So why isn’t there any in-device security products for IoT devices? The three following issues pose a challenge for security vendors in developing and maintaining products to run on modern IoT platforms:
- The diversity of IoT hardware - IoT is a mixture of systems composed of various types of CPUs and chipsets from various vendors. ARM-based platforms currently dominate the market, but Intel is continually pushing out their own platforms. On top of that, there are multiple manufacturers of IoT development boards; this means everybody has their own hardware infrastructure with integrated circuits, processors, chipsets, etc.
>The diversity of IoT operating systems
- - it doesn’t get any better at the software level either. Currently, there are 10 leading IoT operating systems, along with many other options. With tech giants such as Google, Samsung, Linux, and even Microsoft working hard to push out their own platforms, there are countless IoT operating systems available on the market today.
- The diversity of software versions - most IoT devices weren’t built with patching and updating in mind. Cameras, routers, printers, and sensors all have their own internal firmware designed to operate for years without an update. This is why many IoT devices have different versions of kernels, frameworks, web servers and applications. IoT operating systems have yet to see online-update, instant patch functionalities that protect modern operating systems.
The issue is clear: We have a multitude of IoT devices with various hardware, operating systems, and running applications of different versions. With that in mind, developing and maintaining an IoT-wide security product would be extremely challenging. The lack of sufficient in-device security services and solutions for IoT means we can expect to face many IoT security issues in the future. To address the coming wave of attacks, including malware and other security threats, a real paradigm shift in the development of defensive mechanisms for IoT is imperative.
By partnering with Complete Technology, we ensure a bright and promising future for your business. We not only keep you at the forefront of IoT security, but also empower your business with a bevy of IT services and solutions. Get in touch with us today!