Improved Security For The Internet-of-Things

Uploaded on 2016-07-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

We’ve all heard that the internet of things is inherently insecure and personal data related devices handle could end up in the hands of wrongdoers. One could assume some security measures could be set in place to prevent that from happening.

While that is true to some extent, security researchers have found several common vulnerabilities in IoT devices that traditional “smart devices,” such as laptops or smart phones, would have never got away with. Connectivity between IoT devices is often exploited, especially when it involves in-transit data encryption, default (or lacking) authentication credentials, or vulnerable communication protocols.

Updates and Patches?

Besides hard-coded passwords and open remote connection ports, some smart devices can be difficult to patch by non tech savvy users. For instance, some smart thermostats may require users to manually download updates on removable drives, mount them, and then apply the necessary updates manually.

While this resembles something from the early 90’s, some IoT devices were not designed to support over-the-air updates and security patches, potentially exposing users to security risks during the entire lifetime of the product. Not only do smart devices need a way of informing customers of security updates available to install, but they also must be deployed in a regular and timely manner.

Updates and patches are usually deployed whenever vulnerabilities are reported by security researchers, but fixes either don’t always make it to products that have already hit the market or users are not notified of their existence.

What should be done?

Following best practices already established in the industry in recent decades, any IoT device that hits the market should support a software update mechanism and enforce basic security. We’ve been educated to use strong passwords and encryption on our PCs and mobile devices for years, but we haven’t been educated to apply the same scrutiny to IoT devices as well.

While users share some of the blame for the security of smart devices, as they’re usually more plug-and-play and not security-driven, vendors are also at fault. Whenever we buy a new smartphone or laptop, our first thought is to install some sort of security solution and make sure we protect it with a strong password. At least the latter should apply to IoT devices, as most don’t usually allow security software to be installed.

IoT vendors should also be more focused on implementing security from the drawing board to make sure software updates and fixes can be distributed. The same way every piece of software on our PCs and smartphones is update-able, IoT devices should also exhibit the same behavior.

Integrated Home Network Security for IoT

One way of going about the problem of security IoT devices is going at the gateway level and simply plugging in a device next to your home router that’s able to quickly and seamlessly identify all household smart devices and protect them from outside attacks.

While this seems like a futuristic scenario, the Bitdefender Box enables users to not only manage all network-connect smart devices, but also lets them know whenever some of them are vulnerable. Providing a user friendly mobile interface, Bitdefender Box also offers reports on malicious attempts of attackers trying to take control of your IoT devices.

IoT security should also be about making informed decisions on how your smart devices should behave and who they’re allowed to “talk” to. Finding out that your IP camera is quietly broadcasting images to an unknown IP address could save your privacy. That’s when an integrated home network security solution for IoT comes in, protecting both your personal data and your privacy.

MacWorld

« 'Zero Days' - Hidden World of Cyber Warfare
Artificial Brains to Protect Against Cyberattacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

CompliancePoint

CompliancePoint

We design and implement strategies, processes & procedures to mitigate risk, reach compliance goals, protect data assets, and meet industry standards.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

RiskCentric

RiskCentric

RiskCentric is a consultancy specializing in risk management and compliance.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Wontok

Wontok

Wontok deliver innovative value-added data security services that fill the gaps left in traditional security solutions.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

TokenEx

TokenEx

TokenEx Cloud Security Platform protects sensitive data to strengthen our clients' security postures while future-proofing their operations.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.