Cyber Security

in IOT
Tp-link
Dasmsh Verma
1NT16ME027
Content

1.Introduction to the company (TP-Link)

2.Security risks and Problem with IoT
3.How to protect your IoT devices
4.Avira SafeThings
5.Benefits in Industry 4.0
6.Reference
 Introduction to the company

 Founded in 1996, TP-Link is a global provider of reliable networking devices and accessories,
involved in all aspects of everyday life. The company is consistently ranked by analyst firm IDC
as the No. 1 provider of WLAN products*, supplying distribution to more than 170 countries
and serving hundreds of millions of people worldwide.
 Tp- Link set forth a new standard for networking security. TP-Link learned that its customers
love having the ability to customize their security settings and manage their network more
easily to meet the needs of their family.
 When TP-Link unveiled HomeCare a few years ago, it set forth a new standard
for networking security. TP-Link learned that its customers love having the ability
to customize their security settings and manage their network more easily to
meet the needs of their family.
 With the introduction of HomeCare Pro, TP-Link is taking this one step further and
adding additional layers of IoT protection and parental control. While previous
networking security solutions focus on PC or smartphone protection, they can’t
identify, and in turn, protect IoT devices effectively. Powered by Avira, Homecare Pro
can better identify smart home devices and check to determine if they are safe. With
Homecare Pro, users will be notified if a related security function needs to be enabled
or optimized to protect not only endpoints like laptops or smartphones, but also IoT
devices like smart bulbs, smart thermostats, smart plugs and more.
 Additionally, HomeCare Pro offers more robust parental control features to meet the
needs of your family. With scene mode, you can turn off Wi-Fi connectivity to several
devices at once making it easier for everyone to concentrate at the dinner table or
focus during homework time. HomeCare Pro also offers rewards, so it’s easier to
reward your child with internet time for doing their chores
Avira SafeThings™ transforms
routers into home protectors,
supporting user privacy and
placing IoT devices beyond the
reach of hackers. It secures your
customers’ connected home at
the best possible place — where
it meets the Internet.

It uses Artificial Intelligence to

learn devices’ behavior, block
vulnerabilities, guard against IoT
attacks and protect privacy.
 Internet of Things (IoT)

 Internet of Things (IoT) devices are being deployed in a wide variety of consumer applications
at homes, offices, buildings, cities, and so on, as well as military settings.
 Based on the application and the device type, data in these applications can vary from
environmental data to healthcare data, and so on.
 Not all data are private and confidential, but there is an increasing need to ensure that data
sensed and sent by IoT devices are secured, both during transit and at rest. However, IoT
devices, particularly inexpensive and computationally limited devices, are generally not
designed with any security mechanisms.śś
 There is, a need to educate users about
the potential risks of everyday
consumer IoT devices, for example by
mapping them to the known security
risks in the IoT physical layer. This is the
focus of this paper, where the findings
can help consumer IoT device
manufacturers in strengthening their
security design for future products. In
the next section, we will describe eight
common attacks targeting IoT devices
at the physical layer with the help of
one case study for each attack, as well
as suggesting potential mitigation
strategies.
 Security risks and Problem with IoT

Data protection
In the past few years, smart devices have taken data collection to frightening new heights,
making IoT privacy concerns one of the most pressing issues facing the industry. For example,
some smart televisions were caught recording conversations while listening for commands.
Smart speakers are also under suspicion of possibly recording speech. More than once, police
investigating crimes have tried to subpoena data from Google or Amazon when they thought a
smart speaker might have recorded pertinent info. And some vendors have been forced to
recall toys when it came out that a teddy bear or other gadget was recording children’s voices
and sending data to the manufacturer
Malware threats
In Because Internet of Things devices don’t always have security features, it isn’t
difficult for hackers to break into them. Just like PCs, Macs and mobile phones, IoT
devices are viable targets for malware infections. Some hackers have used malware
to either turn IoT devices into “botnets” that send out more malware or contribute
to distributed denial of service attacks. Other IoT malware simply freezes the
device (called “bricking” it). Since IoT is getting more and more popular, many
hackers have begun developing high-level software specially designed to attack
smart devices. Given the typically low levels of security as well as the wealth of
personal information stored on IoT devices, it’s understandable why they’d be so
attractive to cybercriminals.
Home intrusion
Once inside an Internet of Things device, or inside a network through an IoT
device, hackers can collect data about the household and sell it. You might think,
“So what? How much value does my household behavior history have?” but the
vulnerabilities are extensive. Some smart devices store passwords, credit card
numbers, encryption keys, and other sensitive information as plain text, which
makes it easy to read. A hacker could also collect data about a family’s comings
and goings, then sell that to someone looking for information about possessions
or when the home is left unguarded.
 How to protect your IoT devices
1) Think carefully about which devices need to be connected, and when. Do your smart
speakers need to be turned on when you’re gone or asleep? Does your smart Keurig coffee
maker need to be on once you’ve had your coffee? Do smart sensors at work need to be on
when the machinery isn’t running and workers have gone home? Consider this whenever you’re
adding a new IoT device. Don’t just automatically set it to be on all thetime, figuring you’ll get
back to it later.

2) Create a separate network just for IoT devices. If a hacker does manage to break in, the
separate system would limit the hacker’s access. In particular, make sure the router on that
network is secure by choosing a strong password, updating the firmware and software regularly,
and closing ports that are common vectors for transmission.
3) Use strong, unique passwords for IoT devices, just as you should on your computers,
smartphones, accounts, and applications. And if you’re having trouble remembering all
those different passwords, try using a password manager such as Avast Passwords. You
should especially make sure to change the default passwords that come with your devices.
Hackers know what these are and routinely check to see if they’re still active. If any of your
IoT devices support multi-factor authentication, enable that, too.

4) Check IoT devices regularly for security updates. Do they have firmware upgrades,
perhaps to address a vulnerability? Has their software been updated? Do they now
support passwords, multi-factor authentication, or other security features that you can
now take advantage of?

5) Use an anti-malware program that specifically protects IoT devices, such

as Avast Omni.
 Benefits in Industry 4.0

Encrypt data
Regulations like Payment Card Industry Data Security Standard and theupdated Markets in Financial Instruments
Directive recommend that all digital data transmitted over the internet should be encrypted, which means that if
someone manages to access sensitive data, they won’t be able to read it. According to Burns, organisations should
consider encrypting data using firewalls to protect IoT web applications, wireless protocols with built-in encryption
and the secure sockets layer networking protocol (SSL) for online tools.

Improve data authentication processes

Often, the most significant issues with IoT security are not linked to the devices or tools themselves, but to the
passwords and authentication methods that employees use to access their accounts. “Countless people use the
same password for every account they have. This means that even if someone manages to get your employee’s
email password, they could also get into your IoT system,”.
Manage hardware and software
Manage hardware and software Security for IoT needs to be implemented on multiple levels, according to Burns.
From a hardware perspective, it is important to store devices securely by keeping them locked away, for example,
and limiting the number of employees that can access them. From a software perspective, Burns says organisations
need to remember that IoT implementations need to be upgraded over time.Manage hardware and software
Security for IoT needs to be implemented on multiple levels, according to Burns. From a hardware perspective, it is
important to store devices securely by keeping them locked away, for example, and limiting the number of
employees that can access them. From a software perspective, Burns says organisations need to remember that
IoT implementations need to be upgraded over time.Manage hardware and software Security for IoT needs to be
implemented on multiple levels, according to Burns. From a hardware perspective, it is important to store devices
securely by keeping them locked away, for example, and limiting the number of employees that can access them.
From a software perspective, Burns says organisations need to remember that IoT implementations need to be
upgraded over time.

Isolate IoT devices

For the safety of enterprise networks, it is often a good idea to isolate IoT devices. “This means that if someone
hacks into a IoT device, they won’t necessarily be able to access the entire business technology stack.”
Reference
1) “Internet of Things Security Risks” https://www.avast.com/c-
iot-securityrisks

2) “Cyber Security Vulnerability”

https://www.researchgate.net/publication/336305949

3) “IoT Security Issues” Author: Alasdair Gilchrist

4) Tp-link case study - https://www.tp-link.com/us/case-study/

5) Avira SafeThings
https://safethings.avira.com/res/whitepaper.pdf