With the development of IT, IoT (Internet of Things) has become a part of our everyday lives. However, there is also another issue that comes along with IoT. That issue is IoT security. Of course, IoT is not the only field where security is an issue, but IoT security is an integral part of our lives and solutions for addressing this issue should be carefully considered. In this installment of the series, we will discuss problems with IoT security and steps that can be taken to deal with them.
We typically feel safe from hacking, but it has worked its way into our lives and now even targets products such as home appliances and automobiles.
A news article brought up the topic of the most recent smart refrigerators being able to be hacked. The article stated that users were susceptible to attack through weak points in the refrigerators’ security.
There has also been a case of chips embedded in irons transmitting spam. The chips were discovered when officials became suspicious of slight differences in the weight of the irons during shipping. The chips in the irons were designed to spread a virus and carry out spam attacks on unprotected wireless devices within a 200m range.
But these are not the only cases of this type of hacking. Two hackers posted a YouTube video depicting a hacking test in which they were able to hack into a Jeep Cherokee, and the manufacturer was forced to recall 1.4M vehicles. The USFDA also issued a warning stating that devices used to automatically dispense pain medication and solutions in hospitals were susceptible to hacking. Hackers were able to maliciously increase dosages of medication by remotely controlling the pumps in the devices.
As we can see in the examples above, as the objects around us are fused with IT, the dangers of the cyber world are connecting with the real world and even extending into our lives. What measures, then, can we take to protect ourselves in these circumstances?
To better understand IoT security risks, we should start by taking a look at some devices that we initially were not concerned about. Of course, we will not only cover devices, but also look at networks and services as well because in the IoT environment, each element is connected.
Devices: Because of unverified components or platforms on devices, supply chain attacks and remote theft, tapping or counterfeiting of information are possible through firmware acquisition, automated access, rerouting and random attacks by way of exposed debug ports on the devices.
Networks: Through iptables (the Netfilter management tool for packet filtering in Linux kernels) and DNS (Domain Name Server) duplication, there are various threats such as pharming, network tapping, counterfeiting, replay attacks, cloud interface hacking, weak public platforms and web/application hacking.
Shall we now take a look at some real IoT security weaknesses that have been reported? Let’s look at an example of this in the smart home.
As shown in the chart above, when transmission for smart light bulbs is done through Zigbee or Bluetooth, issues occur due to the use of a static password.
Also, a buffer overflow can occur when controlling wall-pad manager app page parameters. CCTV system firmware updates can also be artificially fabricated, which can cause abnormal installation issues to occur.
If these IoT security weaknesses are exploited with the intent to execute harmful code onto a system, we can expect that there will be various adverse effects on the devices within the smart home system and the people residing in the home as well.
We have now discussed some of the threats involved in IoT security. However, we can appropriately respond to these issues while preventing the loss of device functionality and harm to people. Now let’s look into what steps are being taken to prevent harm caused by these threats and what plans are being made to address them on the government (in particular the Korean government), individual and industrial scales.
The Korean Ministry of Science, ICT and Future Planning, which sets, manages and evaluates policies related to science and technology and also supports scientific R&D, proposed a plan to execute a three-year roadmap for protecting IoT information. Security can be restructured into the following three categories: general internal/external IoT development, leading global IoT security technology development and strengthening competition in the IoT security industry. For general IoT development, alliances are being made between industrial, academic and research organizations to prepare general security and specialized security guides to be released in the IoT Common Security Principles (v. 1.0). An IoT security test bed is also expected to be constructed, which will further propel the IoT certification system.
It is important to provide thorough security on PCs, smartphones and routers for complete IoT security. We will now look at some countermeasures that can be taken by individuals to reduce the threat of IoT hacking.
From an industrial perspective, each business will have its own strategy for dealing with IoT security. Below, we will discuss the service provided by LG CNS.
This service offers thorough security examination from devices to the IoT service itself. Beginning with the service planning stages, the service provides a specialized secure SDLC (Software Development Life Cycle) for IoT in which security requirements are proposed and verified.
In order to provide security services for the elements (servers, gateways, devices, mobile etc.) that make up IoT, the security services must offer functions such as cross certification, information encryption, credential administration, user verification, secure boot and secure update. LG CNS has prepared just this type of system to combat the threat of IoT security vulnerabilities.
We have now discussed examples of IoT security making its way into our daily lives, looked at weak points of IoT security and considered some measures we can take to protect ourselves against those weaknesses. While security is becoming a serious issue in various fields these days, shouldn’t we be able to understand these security problems and prepare for them in order to prevent large-scale security problems? Going forward, we should not let down our guard in the fight to keep security issues from penetrating our daily lives.
Article | Hyuck Jun Suh | LG CNS Security Consulting Team