Improved Security For The Internet-of-Things

Uploaded on 2016-07-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

We’ve all heard that the internet of things is inherently insecure and personal data related devices handle could end up in the hands of wrongdoers. One could assume some security measures could be set in place to prevent that from happening.

While that is true to some extent, security researchers have found several common vulnerabilities in IoT devices that traditional “smart devices,” such as laptops or smart phones, would have never got away with. Connectivity between IoT devices is often exploited, especially when it involves in-transit data encryption, default (or lacking) authentication credentials, or vulnerable communication protocols.

Updates and Patches?

Besides hard-coded passwords and open remote connection ports, some smart devices can be difficult to patch by non tech savvy users. For instance, some smart thermostats may require users to manually download updates on removable drives, mount them, and then apply the necessary updates manually.

While this resembles something from the early 90’s, some IoT devices were not designed to support over-the-air updates and security patches, potentially exposing users to security risks during the entire lifetime of the product. Not only do smart devices need a way of informing customers of security updates available to install, but they also must be deployed in a regular and timely manner.

Updates and patches are usually deployed whenever vulnerabilities are reported by security researchers, but fixes either don’t always make it to products that have already hit the market or users are not notified of their existence.

What should be done?

Following best practices already established in the industry in recent decades, any IoT device that hits the market should support a software update mechanism and enforce basic security. We’ve been educated to use strong passwords and encryption on our PCs and mobile devices for years, but we haven’t been educated to apply the same scrutiny to IoT devices as well.

While users share some of the blame for the security of smart devices, as they’re usually more plug-and-play and not security-driven, vendors are also at fault. Whenever we buy a new smartphone or laptop, our first thought is to install some sort of security solution and make sure we protect it with a strong password. At least the latter should apply to IoT devices, as most don’t usually allow security software to be installed.

IoT vendors should also be more focused on implementing security from the drawing board to make sure software updates and fixes can be distributed. The same way every piece of software on our PCs and smartphones is update-able, IoT devices should also exhibit the same behavior.

Integrated Home Network Security for IoT

One way of going about the problem of security IoT devices is going at the gateway level and simply plugging in a device next to your home router that’s able to quickly and seamlessly identify all household smart devices and protect them from outside attacks.

While this seems like a futuristic scenario, the Bitdefender Box enables users to not only manage all network-connect smart devices, but also lets them know whenever some of them are vulnerable. Providing a user friendly mobile interface, Bitdefender Box also offers reports on malicious attempts of attackers trying to take control of your IoT devices.

IoT security should also be about making informed decisions on how your smart devices should behave and who they’re allowed to “talk” to. Finding out that your IP camera is quietly broadcasting images to an unknown IP address could save your privacy. That’s when an integrated home network security solution for IoT comes in, protecting both your personal data and your privacy.

MacWorld

« 'Zero Days' - Hidden World of Cyber Warfare
Artificial Brains to Protect Against Cyberattacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

RFA

RFA

RFA is an institutional-quality IT, financial cloud and cyber-security services provider to the financial service and investment management sector.

EBRAND Services

EBRAND Services

EBRAND, the European experts for brand protection on the Internet. We offer a full set of services including cybermonitoring, fighting counterfeiting offences and online security.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Xmore AI

Xmore AI

Xmore AI, an emerging disruptor in our incubation, is building AI models to optimize and secure IT with the mission of increasing efficiency and reducing costs.