Professional Documents
Culture Documents
• Unauthorized persons might exploit security vulnerabilities to create risks to physical safety in some
cases.
• Examples:
1) Remote hacking into insulin pumps and change their settings so that they no longer delivered
medicine.
2) Remote hacking into a car’s built-in telematics unit and control the vehicle’s engine and braking.
3) A thief could remotely access data about energy usage from smart meters to determine whether a
homeowner is away from home.
5) Loss of control of vital infrastructures. "Who turned the lights off in the whole city?
IoT Privacy Risks
• collection of personal information, habits, locations, health
information, financial account numbers, financial account
numbers.
• Credit decisions
• Insurance decisions
• Employment decisions
• Social media.
• Educational records.
• Companies should test their security measures before launching their products. (They
may simply forget to close vulnerability in their products through which intruders could
access personal information or gain control of the device).
• Companies should also train their employees about good security practices.
specific security/privacy best practices
IoT companies should consider
• companies should consider implementing reasonable access
control measures to limit the ability of an unauthorized person to
access a consumer’s device and/or data. (Implement Strong
authentication and authorization protocols at the application
level)
• Physical Protection
• Mobile devices can be stolen
• Fixed devices can be moved
Security Requirements on a Platform with
Potentially Limited Resources
• Provide lightweight authentication and data protection
protocols (integrity and confidentiality) that are not easily
compromised.
• Maintain availability of the data or the service (sourcing
data from a secondary connection in case of connection
loss)
hypothetical IoT attack-Cisco
Watch Video 2 which describes a hypothetical IoT attack and try to
answer the below questions.
IoT Security threats and
attacks
• The cybersecurity challenges in IoT are similar to any other IT
environment but with different dimensions. There are large
numbers of IoT devices, mostly with low protection, that physically
interact with the Internet as their main function.
the high level topology of Mirai. There are three distinct workflows that are going
on: scanning, infection and attack.
Botnet attacks - Mirai
The scanning workflow
is responsible for
identifying potential
new members for
inclusion in the botnet.
They consist of the
botnet nodes, a report
server and the random
systems on the internet
that are being probed. C:\ SYN Specific IP
address or randomized
IP addresses
The Mirai scanning workflow can be broken down into three primary activities:
1. SYN Port Scan – probing the internet to identify possible targets (IoT Telnet /2323)
2. Brute Force Authentication – performing simple pattern matches (list of default passwords)
3. Report Success – results are sent to a centralized reporting server (IP address or MAC of the target)
Botnet attacks - Mirai
It is worth noting at this point that the malware code is cross-compiled on a variety of
architectures. The loader attempts to identify the architecture of the device and load the proper
executable. Then with the executable running, the device is now a member of the botnet and
begins performing the same scanning and attack activities as any other node in the botnet.
Botnet attacks - Mirai
Repeating the Attack
The actual attack workflow is shown in the flowchart which illustrates the functionality that’s responsible for
activating the DDoS attacks on the nodes inside the botnet. The process consists of three primary activities.
• The bot master issues an attack command to the command and control server.
• The command and control system tells each node in the botnet to launch an attack with specific details.
• Once the node receives a message from the command and control system it immediately executes the desired attack
sending packets as quickly as possible with no rate limit .
Botnet attacks - Mirai
• Covering Tracks and Blocking Competitors
• Mirai does a few things to protect itself from discovery. It’ll delete itself from
the file system once the malware is running. It deletes itself from the running
process.
This is a type of impersonation attack that intercepts communications between nodes to steal
information such as authentication credentials. In this attack, a hacker captures part of the
communication, usually login credentials, and replays it to bypass the authentication phase and access
the system. Hackers may also manipulate messages and relay false information.
A scenario of a MitM within the IoT is transmission of fake sensor data to interrupt business operations
and damage physical assets. For example fake information on soil moisture can cause over-watering
and flooding in the area, damaging the crop. False low temperature readings could damage physical
devices by overheating equipment.
• One method of storing IoT applications data is the use databases made using Structured
Query Language (SQL) or Extensible Markup Language (XML). However these databases
may be susceptible to code injection attacks.
• XML injection: During an XML injection an attacker tries to inject various XML tags
into the code with the intention of modifying the XML structure. A successful
attack results in a execution of a restricted operation such as modification of
payment data or unauthorized admin login. WS-Attacks.org provides examples of
attacks and countermeasures. (http://ws-attacks.org/XML_Injection)
• SQL Injection : Is a code injection technique which involves placing malicious code
in SQL statements via input boxes on web pages. The w3schools site describes the
potential dangers of using user input in SQL statements.
(https://www.w3schools.com/sql/sql_injection.asp)
XML injection Example
Listing 2 shows a modified payment
transaction. If the SOAP message gets
executed the attacker has to pay only
6.66$ instead of 4000.00$
Denial of Service (DoS)
• Denial of Service (DoS) is a type of network attack where services are
interrupted or become unavailable to users, devices or applications.
• When compared to other types of attack, DoS does not usually steal personal
information or create security breaches, but rather it denies access for
authorized users of the devices or services. This in turn may result in
organizational loss of reputation and usually has a high cost for repairing the
damage.
Denial of Service (DoS)
• If the DoS attack originates from multiple sources it is then called a Distributed Denial of
Service (DDoS) attack.
Vulnerabilities in IoT
• Many vulnerabilities in the traditional IT environment still exist in IoT products
in addition to the new ones that are introduced by the complex, heterogeneous,
distributed, and dynamic IoT environment.
• The vulnerabilities exist in all parts of the IoT environment including sensors,
network, devices, applications, and interfaces. Many IoT devices are not able to
handle the security implementations as they are operating on low power chips
with low storage, memory and battery life.
• Also there are authorization vulnerabilities in many IoT interfaces resulting from
the lack of implementation of access control and privilege assignment. This
means that all users have access to all resources.
10 Major vulnerabilities in the
IoT
3: Insecure network services (Open Unsecure ports)
• Attackers take advantage of insecure network services to
launch DoS, DDoS, and botnet attacks. In many IoT
network services unnecessary ports are open and even
the required open ports are not configured with security
measures.
10 Major vulnerabilities in the
IoT
4) Lack of transport encryption
• In a secure network, traffic is encrypted in transport layers so attackers are not
able to capture the data as cleartext. In some IoT cases the transport encryption
feature is disregarded to reduce the overhead in the internal network where it
is assumed that there is no external access, however an internal attack is still
possible.
10 Major vulnerabilities in the
IoT
5) Privacy concerns
• The lack of data access control, encryption of collected
data in many IoT applications creates serious
vulnerabilities in regards to the privacy of data and
especially for the security of personal data. Hackers can
steal and compromise users personal data in the absence
of proper data protection.
10 Major vulnerabilities in the
IoT
6) Insecure Cloud interface
• Hackers use server responses to fake usernames and passwords in “Login” and
“Forgot Password” pages to narrow down what the credentials must be. For
example if a server provides the clue that the username already exists then a
brute-force attack only needs to discover the password. Many IoT cloud
interfaces are not configured with a strong authentication system and are easy
to exploit.
10 Major vulnerabilities in the
IoT
7) Insecure mobile interface
• Mobile applications are widely used in IoT environments for collecting, storing
and transmitting data (mostly personal data) via mobile interfaces. The
communication from mobile interfaces to Cloud and IoT devices are not always
secure as in many cases data is transmitted without encryption. Also, just as
with Cloud interfaces, the existence of insufficient authentication processes in
many mobile interfaces make them susceptible to account brute-force attacks.
Accessing mobile interfaces helps the attackers to control the devices and
compromises the user data.
10 Major vulnerabilities in the
IoT
8) Insufficient security configurability
• Many IoT devices are not compatible with security configurations
and do not have features to address security controls. IoT devices
are mostly considered as cheap, resource constrained devices
which are low in power, memory, processing ability and storage.
Configurations of many strong security measures require a higher
level of resources that would increase the price of the IoT device.
In many cases vendors cut back the security measures to make
cheaper options leading to devices with low security
configurability.
10 Major vulnerabilities in the
IoT
9) Insecure software / firmware
• Software updates can also be troublesome for IoT devices.
Manufacturers of computing hardware often become aware of
weaknesses and vulnerabilities of the software that ships with
their hardware, and need to send out updates (or patches) to
address these threats. Having a mechanism for updating software
is itself considered a vulnerability, since it gives an avenue for
attackers to exploit that is designed for changing system code.
10 Major vulnerabilities in the
IoT
10) Poor physical security
• Many IoT devices can be easily disassembled and the storage
medium can also be easily accessed to retrieve the data. So anyone
who has physical access to the device is a threat to the system.
• Also the USB and any other external ports on the device, especially
the unused ones, introduce a security vulnerability where attackers
can access the data and device configurations.
10 Major vulnerabilities in the
IoT
10) Poor physical security
• The physical security of devices is an essential requirement for safeguarding a system as it
can lead to many other attacks. In an IoT environment devices are mostly required to be
placed in remote locations which makes it difficult to implement physical security
measures. Also IoT devices are constrained and more vulnerable to attacks.
• Attackers may steal the device, physically damage it, or remove the power or data cable
to disable it. Therefore physical security measures such as securing the perimeters, video
surveillance, and intelligent cases that disable devices in the event of tampering are
required to protect IoT devices from attackers. Also, many IoT devices are designed with
self-monitoring systems to trigger an alarm when they detect adjustment problems.
• It is important to implement physical device security at the early stages of IoT security
configuration to circumvent attacks caused by hardware vulnerabilities.
Introduction to Packet
Tracer
• Learn about packet tracer (can download Packet Tracer from
https://www.netacad.com/courses/packet-tracer-downlo
ad/
by enrolling in Cisco’s free Introduction to Packet Tracer
course. ).
• Watch Video 5 (Packet Tracer Demo) to learn more about packet
tracer tool.
Practical task 1: Packet Tracer -
Testing an IoT House
• Complete the Practical task 1: Packet Tracer - Testing an
IoT House activity. (See attached Folder named: Practical
Task 1 - Testing an IoT House - Packet Tracer)
• After completing the Packet Tracer task please answer
the quiz questions at the end of the provided document.
IoT Device Security Requirements
1) Secure Boot (root of trust) and system Integrity
secure boot
(also called root
of trust) is the
cornerstone of
an electronic
device's
trustworthiness.
Device Security
2) Secure firmware and operating system updates
60