Internet of hackable Things: 12 types of threats faced by IoT
It is true that IoT is considered a game changer but it has huge potential for security disasters as well. In this post, David Harris, developer and a graphic designer at Logo Glaze, identifies 12 types of threats faced by IoT.
There are many questions which arise when you think about IoT and if they are not properly addressed they may jeopardize the entire existence of IoT.
No matter what these internet-providing companies tell us or what we think with regard to our safety, we are still prone to cyber-attacks. And since IoT has a direct impact on the lives of many, new security infrastructures need to be developed to limit these possible threats.
We, at Logo Glaze, learned some of these things the hard way but we don’t want you to learn about them the same way. Therefore, we designed this article to talk about the most basic types of techniques used by attackers to manipulate and steal confidential data.
Spear-phishing attack
Email spoofing attacks occur when the victim is tricked into opening an email or a link. Unlike phishing attacks, a spear-phishing attack is highly targeted and customized. Before sending an email, the attacker pulls out personal information about the victim from Facebook, Twitter, LinkedIn etc. This is then used to create a highly customized message which appears to be sent from a bank, company or a friend. Once the user clicks on the link, his system gets compromised and his data gets stolen.
- Use two-way authentication on social media
- Install firewall
- Use HTTPS instead of HTTP
- Do not click on any link sent from an unauthorized source
In theory, sniffers are used as network protocol analyzers. They are used as network troubleshooting tools but are also used by hackers for their corrupt practices. There are three ways in which an attacker can sniff data: wireless sniffing, external sniffing and internal sniffing. Attackers use these analyzers to steal user identities, passwords, IMs or emails and packet data, causing monetary or reputational damage.
The oldest and most effective technique ever. Hackers steal data from the tags installed on various devices to create a replica. These replicas are so accurate that it is impossible for the reader to distinguish between the original and compromised tag. These replicas can then be used to achieve the objectives of the hackers.
- Shared-key based mutual authentication
- Secret asymmetric key
- Cryptographic key
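To illustrate the first countermeasure, here is a shared-key mutual authentication exchange between a tag and a reader, written as an added example that is not part of the original article. The `Tag` and `Reader` classes, the message layout and the choice of HMAC-SHA256 are assumptions made for illustration; the point is that a replica holding only copied tag data and a captured response, but not the key, fails against a fresh challenge.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so they cannot be spliced."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class Tag:  # hypothetical tag holding a per-tag secret
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key
    def respond(self, reader_nonce: bytes):
        self.nonce = secrets.token_bytes(16)  # tag's own fresh challenge
        proof = mac(self.key, b"tag", self.tag_id, reader_nonce, self.nonce)
        return self.tag_id, self.nonce, proof
    def verify_reader(self, reader_nonce: bytes, proof: bytes) -> bool:
        want = mac(self.key, b"reader", self.tag_id, self.nonce, reader_nonce)
        return hmac.compare_digest(proof, want)

class Reader:  # hypothetical reader with a tag_id -> key database
    def __init__(self, keys: dict):
        self.keys = keys
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce
    def verify_tag(self, tag_id: bytes, tag_nonce: bytes, proof: bytes):
        """Return the reader's proof if the tag is genuine, else None."""
        key = self.keys.get(tag_id)
        if key is None:
            return None
        want = mac(key, b"tag", tag_id, self.nonce, tag_nonce)
        if not hmac.compare_digest(proof, want):
            return None
        return mac(key, b"reader", tag_id, tag_nonce, self.nonce)

def mutual_auth(reader: Reader, tag: Tag) -> bool:
    rn = reader.challenge()
    tag_id, tn, tag_proof = tag.respond(rn)
    reader_proof = reader.verify_tag(tag_id, tn, tag_proof)
    return reader_proof is not None and tag.verify_reader(rn, reader_proof)

def replayed_response_rejected(reader: Reader, tag: Tag) -> bool:
    """A replica replays a captured response against a new reader nonce."""
    captured = tag.respond(reader.challenge())  # recorded earlier session
    reader.challenge()                          # reader issues a fresh nonce
    return reader.verify_tag(*captured) is None
```

Because each side binds its proof to the other side's fresh nonce, copying the tag's identifier or an old transcript is not enough; the key itself must stay inside the tag.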
Although strict security measures are deployed to ensure that a connection remains secure, the wireless nature of IoT exposes it to multiple threats of eavesdropping. The attacker can sniff out confidential data which is flowing between the tag and reader and then use it for his personal agenda.
- Use secure connections such as HTTPS
- Encryption of messages
- Identification of unknown devices on network
Spoofing occurs when an attacker sends false information to an RFID system, which makes it believe that the information was sent from an original source. This grants the attacker full system access, which he then uses to achieve his own goals.
- Use an access control list
- Filtering outbound and inbound requests
- Use authentication based on key exchange
A Sybil attack happens when an attacker hijacks a node so that multiple identities can be generated, while the network is unaware that all of these nodes are controlled by the same entity. An attacker can use these nodes to create false impressions based on reputation.
- Trusted certification
- Random key predistribution
- Location verification
Sleep deprivation attack
Every sensor has a limited battery life and follows a certain sleep pattern to maximize battery duration. A sleep deprivation attack occurs when the attackers keep all the nodes awake, leading to battery drainage. As a result, the nodes shut down completely.
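One way a defender can spot this condition is to compare each node's awake time with its expected sleep pattern. The following is an added example, not part of the original article; the log format, node names, expected duty cycle and tolerance are all assumptions, and the sample telemetry is constructed.

```python
from collections import defaultdict

# Constructed sample telemetry: "<seconds> <node_id> <WAKE|SLEEP>"
SAMPLE_LOG = """\
0 node-a WAKE
0 node-b WAKE
5 node-a SLEEP
60 node-a WAKE
65 node-a SLEEP
120 node-a WAKE
125 node-a SLEEP
170 node-b SLEEP
175 node-b WAKE
"""

def awake_fraction(log: str, window_end: int) -> dict:
    """Fraction of the time from first sighting to window_end spent awake."""
    awake = defaultdict(int)  # node -> accumulated awake seconds
    woke_at = {}              # node -> timestamp of the currently open WAKE
    first_seen = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        ts_text, node, state = line.split()
        ts = int(ts_text)
        first_seen.setdefault(node, ts)
        if state == "WAKE":
            woke_at.setdefault(node, ts)  # ignore duplicate WAKE events
        elif state == "SLEEP" and node in woke_at:
            awake[node] += ts - woke_at.pop(node)
    for node, ts in woke_at.items():      # node still awake at window end
        awake[node] += window_end - ts
    return {n: awake[n] / (window_end - t)
            for n, t in first_seen.items() if window_end > t}

def flag_sleep_deprived(log: str, window_end: int,
                        expected_duty: float = 0.10,
                        tolerance: float = 2.0) -> list:
    """Nodes awake for more than tolerance x the expected duty cycle."""
    limit = expected_duty * tolerance
    fractions = awake_fraction(log, window_end)
    return sorted(n for n, f in fractions.items() if f > limit)
```

With the constructed log and a 180-second window, `node-a` stays near its 10% duty cycle while `node-b` is awake almost continuously and is the only node flagged.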
DOS (denial-of-service) attack
This is the most common type of attack used up until. A huge amount of traffic is diverted to the target system. Due to the excess traffic, resources get depleted and, as a result, the service becomes unavailable to users. DOS attacks are also hard to detect because they may use smoke screens to trick the victim into believing that the actual attack is happening somewhere else.
- Proactive approach
- Create a DOS attack mitigation plan
- Use additional software for security
- Load balancers to balance out traffic
The attacker can use the compromised node to inject malicious code into the system. He can then use that code to shut down the complete system, or he can even gain access to the entire network.
This is more of an information theft attack where the attacker intercepts the communication channel between two users. The attacker can monitor the entire private conversation without being detected.
The attacker can even fake an identity of the victim to extract additional information of the compromised party.
There are several protocols which are maintained in case of unauthorized access. In the worst-case scenario, too many attempts at unauthorized access can be fatal for the system as well. The attacker can manipulate the system by deleting existing user data or by forbidding access to IoT services. The system would then treat an original user's access as unauthorized, and after too many attempts the system might lock down forever.
This type of attack is only possible when there is an insider involved. He tampers with the data or the system from the inside for his personal benefit. This tampering can be of any nature, which may range from data theft to complete system control.