by Snoron.com

Internet Of Things : Threats and Challenges

In my previous article I had shared the current scenario and predicted scope of internet of things, the overall picture is appealing in terms of money, jobs, usability etc. but along those lines there was a hidden warning, in this post I am going to elaborate on the issues and what may be called the problems and other challenges internet of things will bring.

by Snoron.com

Internet of Things is clearly not a new concept, technology lovers can support me on that, it has been there since the launch of the internet. As soon as any device collecting any kind of data connects to the internet it makes a contribution to the internet of things. But with every such device comes enormous data and managing such data from hundreds of devices is a humongous task. Thus costs involved in managing, filtering, safe keeping, accessibility etc.. are huge, and often not affordable by many.

We all are aware of various cyber attacks and risks internet users face in their every day use of technology. With internet of things you can just multiply it by 100 times. Following are some recent attacks demonstrating the kind of threats we have to prepare ourselves for before we even think about IoT deployments.

  • In November 2013 Symantec detected the worm Linux.Darlloz exploiting the PHP vulnerability CVE-2012-1823 to propagate itself.
  • Proofpoint discovered more Than 750,000 Phishing and SPAM Emails Launched From “Thingbots” thingBots could be used in an attack against a critical infrastructure from anywhere in the globe
  • Akamai spotted a Spike malware which is used to run DDoS attacks through desktops and IoT devices. Spike toolkit is able to generate an ARM-based payload. The spike botnet was composed by routers, smart thermostats, smart dryers, freezers and other IoT devices.
  • Bash Bug (CVE-2014-6271) is a critical flaw in the widely used in Unix Bashshell disclosed on 24 September 2014. Many IoT devices have Linux embedded and could not be easily patched.

hacker_wallpapers-8

Security is undoubtedly the main concern for the Internet of things patrons but there are other factors too which will not allow IoT transitions to be smooth enough. Issues related to management of enormous data, maintenance costs and bandwidth requirements are a few to name. following is a list of possible issues and known challenges IoT will be and is facing currently.

Security : It has been the top ranker in Gartners list of IoT threats. Legion of devices that are connected to internet lack the basic requirements of safety. In order to get cheap access to IoT security is overlooked most of the times, but what users forget is that they are becoming vulnerable to serious attacks like Ransomware, Spyware, DDOs and many more…The biggest challenges IoT deployers will face are managing the patches, security controls etc… which will include various firewall, authentication and configurations at various levels of the overall topology. With more and more connected devices entering the system, it is nearly impossible to keep track of all the configurations and updates for practically every device in these environments.

2eaabfc6f31f324aee068cc9e5894ae5_330Privacy : We are already struggling with our privacy protection while under internet, the problem is going to be a million times bigger with IoT devices. Since the commencement of internet, user privacy has been compromised from behavioral data, personal messages or emails to bank and credit card details being sold and bought by hackers and companies. It is easy to see that users who do not even take time to read the terms of service agreement when downloading various apps will be losing their privacy altogether at the hands of IoT. Because with IoT, connected devices that would be monitoring and sharing intimate user data will be making it available to hackers who could tap vulnerable device network easily. With IoT, it’s not so much about credit card numbers but rather stealing rich data records and behavior information, presence and absence patterns.

Data Processing and Storage Management : The humongous data both personal and enterprise that is collected by the IoT devices needs to be managed to make it available at right time to right person. Not all of such data would be valuable and it will be a very daunting task to filter and save valuable data and discard the trash. Authenticity of such data will also be a concern as hackers can inject false event data or disrupt the transmission of legitimate event data. The impact of the IoT on storage infrastructure is another concern as it adds to the increasing demand for more storage capacity, and one that will have to be addressed soon as this data becomes more dominant. The focus today must be on storage capacity, but also on whether or not the business can harvest and use IoT data in a cost-effective manner.

Data Center Network Bandwidth : data center’s WAN links are generally sized for the moderate-bandwidth requirements generated by human interactions with applications on desktop/laptops or mobiles. IoT promises to dramatically change these patterns by enabling machine to machine communication without human intervention and transferring massive amounts of small messages and sensor data to the data center for processing. Already, data levels caused through conventional ways have been outweighed by the data from mobile/smart devices. IoT devices increase risks of security attacks, through public networks and via additional native apps on devices, as well as a greater amount of “chatty” data between the various devices and the datacentre. The enormous data in IoT is dynamic in nature too so the middleware of IoT must have huge capacity and should be expandable to store increasing data. Cloud computation platform already face several major security challenges including risk of priority process, risk of management agencies, risk of data premise, risk of data isolation, risk of data recovery, risk of investigation support and risk of long-term development.

hacking_wallpapers_20100508_1626184131

Hardware and Cost : Although many “things” can interact with each other today, the reality remains that these things have big compatibility issues solutions of which are still far far away from being open sourced, and hence are controlled by vendors. The Cheap and disposable devices that are entering the network in bulk are causing even more un-standardized and hence incompatible “things” which is probably the last thing our industry wants. As the IoT market matures, these widely deployed and low-cost sensors and devices are less likely to be viewed as worth continued maintenance. Offering a constant stream of security patches and updates to keep low-cost devices safe and functional for the long-term requires money. If vulnerabilities are discovered, patches or updates might be issued, but only in the first year or two. The vendor expectation is that users will need to buy a full replacement or live with the risks — not to mention that users are not very likely to manage patches and updates for non-critical devices.

Having laid out the horror IoT may bring it will still be most largely used technology, see how we still use the internet in such risky ways, our data been stolen without our knowledge, behavior data being bought and sold by big companies etc…what I am trying to say is the problems IoT has can be solved and brought down below our tolerance levels. But at the end of the day users and deployers will have most responsibility to make sure all security measures are taken to prevent any theft or loss of privacy.

References:

  1. http://www.trendmicro.com/vinfo/us/security/news/internet-of-things/ioe-layers-protocols-and-possible-attacks
  2. http://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf
  3. http://www.computerweekly.com/feature/Internet-of-things-is-coming-Is-your-datacentre-ready
  4. http://www.toptal.com/it/are-we-creating-an-insecure-internet-of-things
  5. http://venturebeat.com/2015/01/10/for-the-internet-of-things-the-cost-of-cheap-will-be-steep/
  6. http://csi.dgist.ac.kr/uploads/Seminar/1407_IoT_SSH.pdf
  7. http://www.computerworld.com/article/2937976/internet-of-things/is-your-thermostat-spying-on-you-cyber-threats-and-iot.html
  8. http://www.csoonline.com/article/2134265/network-security/the-internet-of-things–top-five-threats-to-iot-devices.html?page=2

Originally posted 2015-10-12 10:52:03. Republished by Blog Post Promoter

Leave a Reply

Your email address will not be published. Required fields are marked *