The Most Significant Security Threats with IOT Devices

1
THE MOST SIGNIFICANT SECURITY THREATS WITH IOT
DEVICES
An Academic presentation by Dr. Nancy Agnes,
Head, Technical Operations, Tutors India Group
www.tutorsindia.com Email info_at_tutorsindia.com
2
Today's Discussion
Internet of Things (IOT) Incorrect access
control Outdated software Conclusion
3
Internet of Things (IOT)
IoT device security has long been a source of
concern, which inevitably led to the acceptance
of both minor and major threats. The majority
of these attacks are the result of
straightforward security issues, including the
use of telnet services' default passwords being
retained. Below are the 6 major security problem
in IOT devices .
4
Incorrect Access Control

• Only the owner and the people they trust in their
  local vicinity should have access to the
  services provided by an IoT device.
• The security mechanism of a device frequently
  fails to adequately enforce this, though.
• IoT devices may have a high level of network
  trust to the point where no additional
  authentication or authorisation is needed.
• Contd..

5
Every other computer or device linked to the same
network is likewise trusted.
When the gadget is online, this becomes a bigger
issue since anybody in the globe might
potentially use the capability it provides (Yu
et al., 2022). The identical default password
that comes with all devices of the same model is
a regular issue. For devices of the same model,
the firmware and default settings are often the
same. Contd..
6
The credentials for the device may be used to
access all devices in that series because they
are known to the public, supposing that they are
not changed by the user, which happens
often. IoT devices frequently have a separate
account or privilege level that is both
externally and internally accessible. This
indicates that there is no additional access
control after obtaining this permission.
Multiple vulnerabilities are not covered by this
one degree of security.
7
Outdated software
It is essential to publish the current version of
software when vulnerabilities are found and
fixed in order to provide protection. As a
result, IoT devices must be deployed with
current software that is free of known
vulnerabilities and have the ability to be
updated to fix any issues that are discovered
later.
Lack of encryption
Even if data is encrypted, flaws could still
exist if the encryption is incomplete or set up
improperly. For instance, a device might not be
able to confirm the legitimacy of the other
party. Even when the connection is encrypted, a
Man-in-the-Middle attacker can still intercept
it. Contd..
8
Encryption must also safeguard sensitive data
that is kept on a device (at rest). Lack of
encryption and storing passwords or API tokens in
plain text on a device are typical security
flaws. Other issues include the application of
weak cryptographic methods or the unauthorised
use of cryptographic algorithms (Lv et al., 2021)
.
Application vulnerabilities
An important first step in safeguarding IoT
devices is admitting that software includes
vulnerabilities. Device functionality that was
not intended by the creators may be activated
via software flaws. Contd..
9
In some circumstances, this might lead to the
hacker executing their own code on the system,
making it feasible to harvest sensitive data or
target other parties. It is difficult to totally
prevent security vulnerabilities while building
software. This is true of all software flaws.
There are ways to prevent well-known
vulnerabilities or lessen their likelihood,
though. This involves using recommended
procedures to prevent application flaws,
including consistently validating input (Karale,
2021) .
Insufficient privacy protection
Sensitive data is routinely stored on consumer
electronics. The password for a wireless network
is stored on devices connected to that
network. Contd..
10
Cameras can record audio and video of the house
where they are installed. A serious privacy
violation would occur if attackers were able to
acquire this information.
IoT devices and associated services must handle
sensitive data appropriately, securely, and only
with the end user's permission. This is true for
both the distribution and storage of private
data. The vendor is crucial in terms of privacy
protection. In addition to an external attacker,
the seller or a connected party may be in charge
of a privacy violation (Haque et al.,
2022). Contd..
11
Without explicit consent, the manufacturer or serv
ice provider of an IoT device may collect data
on user behaviour for uses like market research.
There are known instances when IoT gadgets, such
smart televisions, may be listening in on family
conversations.
User interaction
In order to ensure that installed security
measures are engaged and properly applied, user
contact is a crucial element. If changing the
default password is feasible but the user is
unaware of it or unable to use it, it is
pointless.
12
Figure 1 IOT device Vulnerabilities
13
Conclusion
Without a doubt, access management and exposed
services are the main security privacy issues
. IoT devices should also use best practises
security safeguards like encryption. By offering
documentation and communicating with customers
and security experts, vendors may encourage the
secure usage of their goods. Devices should be
physically secured to make it more difficult for
attackers. Finally, if a device is hacked, it
should reject the attacker's apps and alert the
user to a problem.
14
Contact Us
UK 44 - 1143520021 INDIA 91 -
4448137070 EMAIL info_at_tutorsindia.com