Cars, medical devices, and other products will continue to be produced with network capabilities, increasing the attack surface. There are expected to be 20.4 billion IoT devices connected to the Internet by 2020. With an increasing number of devices coming online, attackers have more potential targets than ever before. Part of the problem with these IoT devices is that patches are not rolled out regularly, as they are for regular computer systems. Patches for IoT devices are an afterthought, leaving devices vulnerable to attack. After purchasing an IoT device, consumers should download any new patches that exist and change the default password if they can. Patching will help remediate known vulnerabilities, while changing the default password to a complex password will defend against password guessing and password-cracking software. Corporations should consider segmenting their network, placing IoT devices on their own network, to prevent having a single point of failure.
Cyber Awareness Videos - Internet of Things
Great presentation and understanding of the risk. I am concerned about updates to devices which may not always be connected as well as the generic login/passwords. With millions and then billions of these devices, I am concerned they will be the #1 threat in the future.
Here is an article that may ease your worry: https://www.csiac.org/digest-article/iot-is-insecure-get-over-it-say-researchers/
Noted security experts Charlie Miller and Chris Valasek said the Internet of Things can’t be secure, but it can be tamed. Drawing from their car hacking experience, the two spent the morning contemplating the larger universe of IoT security and conceded that there will always be thousands of connected devices that will never be secure, and that industry should prioritize personal safety and the security of automobiles and medical devices, for example, over toothbrushes and door locks.
This webinar recording talks about incorporating security into the design of components used in the Internet of Things (IoT).
The webinar’s presenter, Shiu-Kai Chin, is a Professor at Syracuse University. He has devised, with Prof. Susan Older, Certified Security by Design (CSBD) to apply formal logic and tools to design and verify trustworthy systems. Together, they wrote the textbook Access Control, Security, and Trust: A Logical Approach, CRC Press, 2010. JP Morgan Chase used CSBD to verify the logic of its SWIFT protocols for commercial transactions. The Air Force Research Laboratory uses CSBD to assure missions in cyberspace. Shiu-Kai was a research scientist in the Defensive Information Warfare Branch of the Air Force Research Laboratory (AFRL).
https://www.csiac.org/podcast/certified-security-by-design-for-the-internet-of-things/