Improved Security For The Internet-of-Things

Uploaded on 2016-07-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

We’ve all heard that the internet of things is inherently insecure and personal data related devices handle could end up in the hands of wrongdoers. One could assume some security measures could be set in place to prevent that from happening.

While that is true to some extent, security researchers have found several common vulnerabilities in IoT devices that traditional “smart devices,” such as laptops or smart phones, would have never got away with. Connectivity between IoT devices is often exploited, especially when it involves in-transit data encryption, default (or lacking) authentication credentials, or vulnerable communication protocols.

Updates and Patches?

Besides hard-coded passwords and open remote connection ports, some smart devices can be difficult to patch by non tech savvy users. For instance, some smart thermostats may require users to manually download updates on removable drives, mount them, and then apply the necessary updates manually.

While this resembles something from the early 90’s, some IoT devices were not designed to support over-the-air updates and security patches, potentially exposing users to security risks during the entire lifetime of the product. Not only do smart devices need a way of informing customers of security updates available to install, but they also must be deployed in a regular and timely manner.

Updates and patches are usually deployed whenever vulnerabilities are reported by security researchers, but fixes either don’t always make it to products that have already hit the market or users are not notified of their existence.

What should be done?

Following best practices already established in the industry in recent decades, any IoT device that hits the market should support a software update mechanism and enforce basic security. We’ve been educated to use strong passwords and encryption on our PCs and mobile devices for years, but we haven’t been educated to apply the same scrutiny to IoT devices as well.

While users share some of the blame for the security of smart devices, as they’re usually more plug-and-play and not security-driven, vendors are also at fault. Whenever we buy a new smartphone or laptop, our first thought is to install some sort of security solution and make sure we protect it with a strong password. At least the latter should apply to IoT devices, as most don’t usually allow security software to be installed.

IoT vendors should also be more focused on implementing security from the drawing board to make sure software updates and fixes can be distributed. The same way every piece of software on our PCs and smartphones is update-able, IoT devices should also exhibit the same behavior.

Integrated Home Network Security for IoT

One way of going about the problem of security IoT devices is going at the gateway level and simply plugging in a device next to your home router that’s able to quickly and seamlessly identify all household smart devices and protect them from outside attacks.

While this seems like a futuristic scenario, the Bitdefender Box enables users to not only manage all network-connect smart devices, but also lets them know whenever some of them are vulnerable. Providing a user friendly mobile interface, Bitdefender Box also offers reports on malicious attempts of attackers trying to take control of your IoT devices.

IoT security should also be about making informed decisions on how your smart devices should behave and who they’re allowed to “talk” to. Finding out that your IP camera is quietly broadcasting images to an unknown IP address could save your privacy. That’s when an integrated home network security solution for IoT comes in, protecting both your personal data and your privacy.

MacWorld

« 'Zero Days' - Hidden World of Cyber Warfare
Artificial Brains to Protect Against Cyberattacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

Cequence Security

Cequence Security

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Mindaro Insurance

Mindaro Insurance

Mindaro is adding the crucial piece of the cyber security puzzle that protects your organization from the financial ramifications of cyber attacks.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.

BlackSignal Technologies

BlackSignal Technologies

BlackSignal Technologies provides cybersecurity, digital signal processing and electronic warfare products to help DOD and IC agency customers counter near-peer threats and security challenges.