The era of the Internet of Things is quietly approaching. From routers, smart speakers, and refrigerators to cars and industrial equipment, more and more items are connecting to the Internet. However, the rapidly developing IoT brings convenience while also posing security risks, becoming a pain point in the development of the IoT industry.
Research institutions predict that in the future, 79% of IoT traffic will be accessed through gateways, and 50% of network traffic will come from IoT, contributing over 50 billion connections. After the IoT connects all things, the security issues become more severe than the Internet itself.
Given the widespread adoption of IoT devices globally, nearly 20% of organizations worldwide have suffered IoT-based attack traffic in the past three years, becoming victims of such attacks.
In 2017, the United States experienced a massive network outage involving over a million IoT devices participating in a DDoS attack. Reports indicated that hackers used a virus known as the Mirai botnet, which attempted to log in using default passwords once it scanned an IoT device (such as a network camera or smart switch). Once successfully logged in, the IoT device entered a “zombie” list, and hackers controlled it to attack other network devices, causing the American people to experience a nightmare of large-scale network outages from this virus.
In the same year, a thermometer in an aquarium in a casino hotel lobby was hacked, allowing attackers to penetrate the casino network and upload its “high-roller” database to the cloud.
In 2018, CCTV exposed that a large number of home cameras were hacked. Once controlled by hackers, they could become “zombies” used to attack other network devices.
In fact, governments and enterprises worldwide are working hard to ensure the security of these emerging connected devices. However, according to Gartner, global spending in the IoT security field is expected to further grow in 2018, reaching $1.5 billion (approximately 9.48 billion RMB). Compared to last year, this figure has increased by 28%, with $1.2 billion (approximately 7.59 billion RMB) directly allocated to protect IoT devices.
Currently, IoT devices are still not adequately protected. As collaboration among attackers becomes increasingly tight, IoT devices face various security challenges:
Unlike personal computers or smartphones, IoT devices typically lack processing power and memory. This means they lack strong security solutions and encryption protocols to protect them from attack threats.
These devices connect to the Internet and encounter threats daily. Cloud-based operations make boundary security less effective. The search engines for IoT devices also provide hackers with opportunities to access network cameras, routers, and security systems.
Currently, IoT device manufacturers lack strong security backgrounds and standards to indicate whether a product is secure. Many security issues arise from insecure designs. Not only do IoT devices themselves lack security capabilities, but many of the networks and protocols connecting them also lack robust end-to-end encryption mechanisms.
Many IoT devices have default passwords that hackers can find online. These devices may leave “backdoors,” providing opportunities for hackers as well.
The sheer number of devices makes regular updates and maintenance challenging. Many IoT devices require manual intervention to upgrade, while others cannot be upgraded at all.
IoT Companies Should Actively Enhance Security Capabilities
Considering these defects in IoT devices, various government agencies have regulated many IoT devices. For example, the Federal Aviation Administration (FAA) regulates drones, and the National Highway Traffic Safety Administration (NHTSA) regulates autonomous vehicles. The Department of Homeland Security is actively involved in IoT-based smart city projects, while the FDA oversees IoT medical devices.
However, current IoT applications are still relatively new, and government regulation is not perfect. Before regulatory agencies issue relevant laws and regulations, manufacturers lack motivation to prioritize security throughout the entire industry chain. Many IoT device manufacturers focus on pursuing new features while neglecting security.
It is worth noting that the IoT is an organically interconnected ecosystem. To deploy IoT on a large scale, a security system must be built, requiring active participation from enterprises. Here are some suggestions for businesses:
First, different IoT participants can deploy targeted protective measures based on their characteristics. As the scope and content of cybersecurity threats continue to expand and evolve, the types of cyber threats are rapidly increasing, and the methods and targets of attacks are also diversifying. Comprehensive situational awareness and real-time monitoring of network operations are becoming trends.
Second, IoT device providers must ensure terminal security, introduce secure development processes to enhance terminal security, and conduct security assessments before product launch. When developing embedded IoT devices, engineers must ensure data integrity, code integrity, and device integrity. To achieve this goal, security experts often mention six principles of embedded IoT security to enhance support for developers: identity/authentication, authorization, audit, confidentiality, integrity, and availability, many of which are centered around cryptography.
Third, choose the right IoT device partners to ensure platform security and secure connections between devices, mobile terminals, and themselves. Third-party software is emerging, but often lacks thorough testing. Some early IoT botnets exploited defects and characteristics in third-party chips within devices.
Fourth, participate in formulating IoT security industry standards, establish consistent standards, and incorporate security and privacy protection into the product development lifecycle. Collaboration among cross-industry manufacturers is key to establishing unified communication protocols and ensuring products can operate seamlessly and securely together.
It is evident that protecting IoT devices is not a simple task. Only by continuously investing in IoT security can enterprises effectively escape the status of becoming attack targets. At the same time, as relevant laws and regulations for IoT security gradually improve, this will promote the continuous increase in the industry’s demand for IoT security.
The security threats to IoT are far from peaking, which is precisely the dilemma facing IoT security today. However, protecting the security of IoT is an essential task and should be the baseline benchmark in our IoT values.
Related Articles
The Dark Cloud III Trojan Virus Rampages, Is Cloud Security the Next Stop for Cloud Providers?
Is “Smart Contract” Now a Heavy Disaster Zone for Blockchain Security? Don’t Panic!
Viruses Run Rampant, Who Will Protect Enterprises’ Cloud Security?
Can Qualcomm Target the Global IoT Market?
[Technology Cloud Report Original]
Please indicate “Technology Cloud Report” and include a link to this article when reprinting.
