Securing the IoT tsunami

By: Ian Hall, Manager, Client Success, APAC, at Synopsys Software Integrity Group | Thursday, April 29 2021 - 22:55 IWST


INDUSTRY.co.id - The Internet of Things (IoT) is a reality. Gartner forecasts 25 billion IoT devices by 2021, and other industry sources and analysts predict even larger numbers. Although projections of unprecedented growth are ubiquitous among industry pundits, the efforts to secure this tsunami of connected devices are in their infancy.

The IoT is still relatively new, so it lacks regulations that mandate security. The potential for misuse, however, is massive, and could lead to major embarrassment (and worse) for businesses and consumers.

Connected devices have already been utilised to launch massive DDoS attacks on websites, in-home security cameras have been hacked and used to spy on people, and sensitive consumer data has been compromised. 

Timely testing and securing of IoT is the need of the hour.

Four IoT security challenges
IoT systems (including the Industrial Internet of Things [IIoT] and connected machinery) are quite complex from a security perspective, and they pose several contrasting challenges.

Scale

Unlike traditional web apps, IoT software is deployed on thousands and even millions of devices that are always on, so vulnerabilities are magnified over a much wider attack surface.

Lifespan

A lot of IoT devices are embedded within equipment that lasts a long time — even decades (automobiles, subsea devices, HVAC systems, and so on).

It’s often hard to deploy patches to these devices, or upgrade the software they contain, as frequently as other systems.

The likelihood of vulnerabilities persisting in these devices for months to even decades is extremely high.

Open source operating systems

The large majority of IoT devices run on open source operating systems and on off-the-shelf hardware and networks. The inherent vulnerabilities baked into open source software make these devices even more susceptible to attacks.

The 5G network effect

5G is expected to usher in the IoT era to an even greater extent. With its high bandwidth and speed, it will connect everything and remain always on. 

This increases the likelihood of an attack, and a public network is always more susceptible to an attack.

Facets of an IoT deployment
Consider IoT systems within the context of medical devices, automotive equipment, and consumer electronics. 

From a security testing perspective, these mixed-technology deployments have a multitude of potential attack surfaces and technologies that must be protected.

The cloud. The IoT and cloud computing are a match made in heaven. The capacity needed to handle the sheer volume of data as well as the processing required for large-scale IoT adoption can only be driven by cloud computing. 

Smart devices will be connected by default to either edge data centers or centrally located data centers, which will process and store the data they generate. The cloud could also be utilised for IoT device security controls.

Embedded devices. 

Each “thing” within IoT is essentially an embedded computing device that sends and receives information over a network. 

Embedded devices run software on an operating system and a processor, and have a smaller memory footprint.

Just like the network they are connected to, these things are all susceptible to attack, especially as they might run old, general purpose, open source software that isn’t often updated with patches.

Web applications. 

Often, IoT devices connect to a web app, and some IoT devices even have an embedded web server. That’s why web app security testing principles apply to IoT security.

Custom applications. 

The IoT is vast and spans apps that power smart cities, automobiles, agriculture, healthcare, and more. Given the wide variety of devices, standards, and technologies applied to IoT, there’s a lot of incompatibility in the ecosystem. Custom apps are therefore widespread in IoT.

The network. 

Most smart devices are always connected by default. They’re connected to the gateways and the back end via a variety of network protocols. 

And just like the cloud, embedded devices, and web/customised IoT apps, the network itself is highly prone to attack.

Mobile devices. 

With the increasing adoption of 5G, the IoT will have the mobile network speed, device density support, and data transfer speeds to support the billions of mobile IoT devices, as well as the mobile apps to control these devices. 

The network, mobile, and the cloud are the three pillars of IoT.

Thick client testing. 

IoT data processing is increasingly moving to the edge to facilitate faster decisioning. Decentralised thick client computing at the edge is common, particularly in devices that may need to operate without connectivity from time to time.

Fuzz testing.

If an IoT device becomes unresponsive or acts abnormally due to inconsistent input, it may affect real-world operation. Fuzz testing simulates what a hacker would do by creating a wide range of corrupt input that will cause the app to fail.
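The fuzzing loop described above, as an added example that is not from the article or from Synopsys: a seeded mutation fuzzer run against a parser for a constructed device frame, once without and once with a length check. The frame layout and the names `build_frame`, `parse_frame`, `mutate` and `fuzz` are assumptions made for illustration.

```python
import random
from functools import reduce
from operator import xor

class FrameError(ValueError):
    """Clean rejection: the parser recognised bad input and refused it."""

def build_frame(ftype: int, payload: bytes) -> bytes:
    # Constructed layout: 0xA5 | type | length | payload[length] | XOR checksum
    body = bytes([ftype, len(payload)]) + payload
    return bytes([0xA5]) + body + bytes([reduce(xor, body, 0)])

def parse_frame(data: bytes, strict: bool) -> dict:
    if len(data) < 4 or data[0] != 0xA5:
        raise FrameError("bad header")
    length = data[2]
    if strict and len(data) != 4 + length:
        raise FrameError("length field disagrees with frame size")
    checksum = data[3 + length]   # strict=False trusts the unvalidated length field
    if reduce(xor, data[1:3 + length], 0) != checksum:
        raise FrameError("bad checksum")
    return {"type": data[1], "payload": data[3:3 + length]}

def mutate(frame: bytes, rng: random.Random) -> bytes:
    buf = bytearray(frame)
    choice = rng.randrange(3)
    if choice == 0:      # flip a single bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:    # overwrite a byte with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    else:                # truncate, as a dropped or partial transmission would
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)

def fuzz(strict: bool, iterations: int = 2000, seed: int = 1) -> list:
    rng, crashes = random.Random(seed), []
    valid = build_frame(0x01, b"\x10\x20\x30\x40")  # constructed seed input
    for _ in range(iterations):
        case = mutate(valid, rng)
        try:
            parse_frame(case, strict)
        except FrameError:
            pass  # graceful rejection is the desired behaviour
        except Exception as exc:  # anything else models a device fault
            crashes.append((case.hex(), type(exc).__name__))
    return crashes

if __name__ == "__main__":
    print(len(fuzz(False)), "faults unchecked;", len(fuzz(True)), "with length check")
```

Each recorded fault keeps the input that triggered it, so a failing case can be replayed as a regression test once the parser is fixed.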
