Security Of IoT

The Internet of Things (IoT) has entered our lives and has opened the doors for a new set of security threats. Have you ever thought about what could happen if your IoT-connected refrigerator was hacked? A kettle that you can turn on remotely using your phone. A refrigerator that tells you what food is on its shelves. The trainers who tell you the distance you jogging. We can easily give an examples of IoT in our lives.  But have you ever considered their safety?

For example, suppose you purchased an IoT-connected kettle with a standard default password and user name. You do not change the password and the manufacturer does not warn you; Suppose that the necessary security and data encryption measures are in place. What can a hacker do to detect this fundamental vulnerability and install malicious software on your kettle? Your attacked kettle can then be used to attack a targeted website, and what you perceive as a inanimate object can create a security nightmare.

The recent DDoS (distributed denial of service) Dyn attack also showed the need for an IoT security wake-up call. The October 21st attack included a cyber weapon called Mirai botnet, an IoT device used to bomb Dyn servers, such as digital cameras and DVR players. After the attack, a senior member of cyber security at the Council on Foreign Relations; David Fidler noted:

“We have a serious security issue with cyber security of IoT devices and we have no real strategy to combat it. Imagine what a well-sourced state actor can do with unsafe IoT devices.” Accordingly, security experts predicted the rise of the "Security of Objects" of the current year - new solutions, software and tools are needed to solve the security problems of smart devices.

What is really worrying is that IoT device owners are often not aware of the attacks. The reason for this is that once a device has been intercepted, it is impossible to say that they were attacked because they normally continue to function. When these devices, the targeted system, corporate servers, and even the same network with confidential government data are located, new scenes behind the problems continue to emerge. The point is that there is no way to develop an adequate security strategy without knowing which devices are exchanging data on a particular network or the Internet as a whole. In theory, each device added to a network needs to be evaluated for security.