Essentials to Internet of Things Security - VoIP.ms Wiki

Check out our YouTube channel to watch our simple tutorials that will help you set up most of our features.

Essentials to Internet of Things Security

From VoIP.ms Wiki

(Difference between revisions)
Jump to: navigation, search
[draft revision][draft revision]
Line 13: Line 13:
| style="width: 71%; border: none; background: none;" |
| style="width: 71%; border: none; background: none;" |
-
In response to a requirement of a standardized numbering plan for Direct Distance Dialing (DDD), engineers at AT&T and Bell Laboratories developed the North American Numbering Plan (NANP) in 1947. This development allowed people to make long-distance calls without any operator assistance.  
+
Businesses are aware of the potential of IoT devices. Enterprises around the world have started to embrace the Internet of Things as a means for clearer processes and communication. IoT devices can provide businesses with actionable insights and data which is not easily attainable by any other technology.
 +
 
 +
Yet, enterprises are struggling with the basics of IoT security. In this article, we will discuss the basics of IoT security. But before that, let us briefly discuss why the Internet of Things (IoT) security is important.  
-
Initially, the NANP was developed for 86 geographic areas, each with its unique three-digit NPA (Numbering Plan Area Code). However, the NANP was extended to 144 areas and 8 N00 Service Access Codes, and eight N11 codes. But with the advancement of switching technology, when the initial 144 NPA was exhausted in 1995, the North American Numbering Plan was extended to 792 codes.
 
Line 22: Line 23:
__NOTOC__
__NOTOC__
-
''' North American Numbering Plan '''
+
''' Importance of IoT Security '''
 +
 
 +
 
 +
Mirai botnet is the largest Distributed Denial of Service (DDoS) attack ever recorded. Over 1 terabyte per second flooded the Dyn network – a major DNS provider – bringing down websites such as Airbnb and Reddit. Having said that, the thing that made this attack so interesting is that it was carried out using IoT devices.
 +
Approximately 150,000 compromised routers, cameras, and other devices were all enslaved into a single botnet, focusing on a single target. Manufacturers often use common usernames and passwords to protect the IoT device. So, in technicality, there were a few thousand password combinations that attackers had to figure out to compromise tens of thousands of smart devices for launching the DDoS attack.
 +
 +
All it takes is a few lines of code from cyber-attackers to test each of those default passwords and the device will get compromised and enslaved within a few seconds. Of course, only if the user did not change the default password. To avoid such wide-scale cyber-attacks like the one caused by the Mirai botnet makes IoT security of paramount importance.
 +
Of course, botnets are not the only type of threats that businesses and individuals must be aware of. Researchers have proven in the past that it is also possible to take control of a physical IoT-enabled car by simply breaking into the application which controls the onboard software. For instance, Russian researchers have managed to open car locks by simply hacking the application.
-
The North American Numbering Plan (NANP) divides the telephone service territories into Numbering Plan Area (NPA), as discussed earlier, and assigns a three-digit area code to each. This three-digit code becomes the first part of the phone number. The other numbers consist of a three-digit prefix or central office code (indicating a specific exchange or rate center) and a four-digit station number.
 
-
This combination of the area code, prefix, and station number provides the destination routing address in the PSTN (Public Switched Telephone Number). This format is usually represented as NPA-NXX-XXXX. Here the NPA is the Numbering Plan Area, NXX is the Central Office Code and the XXXX is the Station Number.
+
'''IoT Security Vulnerabilities'''
-
Having said that, each area code has approximately 800 Central Office Codes. However, some of them like 911 are unavailable as they are dedicated to public use. Each central office code has 10,000 phone numbers, whereas every area code have almost eight million phone numbers. You might think of it as a large number. But some big cities go through them very quickly due to a fast-growing population and increasing cellular demand among other reasons. Having said that, once the numbers get exhausted new ones must be issued through a process known as area code relief.
 
 +
'''1. Default Login Credentials'''
-
'''Difference between North Numbering Plan and Formatting Elsewhere'''
+
As discussed above, most people have the default usernames and passwords on their IoT devices. Manufacturers often hide the change username and password options deep inside the user interface. Thus, making it out of sight for most users. It is one of the most common reasons why many people do not even bother to change the default setting. If every IoT-enabled device had a separate username and password, Mirai botnet would not have happened in the first place. 
-
'''1. Fixed Length Number Plan Area Codes'''
+
'''2. Lack of Software Updates'''
-
There is a certain difference between the numbering plan when it comes to the North American Numbering Plan and formatting elsewhere. For instance, the Number Plan Area codes of NANP have a fixed three-digit length. However, the Australian telephone number plan has Number Plan Area codes of a single digit only.  
+
Most IoT device owners often fail to update the software that came by default on their devices. Therefore, if a software vulnerability exists on the device, there is very little anyone can do to prevent the device from getting compromised.  
-
'''2. Variable Length Number Plan Area Codes'''
+
'''3. Communication Is Not Encrypted'''
-
While the NPA formatting in the North America Numbering Plan and the Australia Numbering Plan are different, they have a fixed length. But some countries have variable length NPA codes as compared to fixed-length NPA codes of NANP. For instance, the UK and Germany both have variable length codes ranging from two to five digits, and Japan's NPA codes have from one to five digits.
+
Most IoT devices lack a basic encryption mechanism. Thus, failing to hide the data that is being transferred between the device and the central server. As a result, there is a chance that attackers might access your personal information.  

Revision as of 19:06, 5 May 2021

Essentials to the Internet of Things (IoT) Security

Businesses are aware of the potential of IoT devices. Enterprises around the world have started to embrace the Internet of Things as a means for clearer processes and communication. IoT devices can provide businesses with actionable insights and data which is not easily attainable by any other technology.

Yet, enterprises are struggling with the basics of IoT security. In this article, we will discuss the basics of IoT security. But before that, let us briefly discuss why the Internet of Things (IoT) security is important.


Essentials to the Internet of Things (IoT) Security


Importance of IoT Security


Mirai botnet is the largest Distributed Denial of Service (DDoS) attack ever recorded. Over 1 terabyte per second flooded the Dyn network – a major DNS provider – bringing down websites such as Airbnb and Reddit. Having said that, the thing that made this attack so interesting is that it was carried out using IoT devices.

Approximately 150,000 compromised routers, cameras, and other devices were all enslaved into a single botnet, focusing on a single target. Manufacturers often use common usernames and passwords to protect the IoT device. So, in technicality, there were a few thousand password combinations that attackers had to figure out to compromise tens of thousands of smart devices for launching the DDoS attack.

All it takes is a few lines of code from cyber-attackers to test each of those default passwords and the device will get compromised and enslaved within a few seconds. Of course, only if the user did not change the default password. To avoid such wide-scale cyber-attacks like the one caused by the Mirai botnet makes IoT security of paramount importance. Of course, botnets are not the only type of threats that businesses and individuals must be aware of. Researchers have proven in the past that it is also possible to take control of a physical IoT-enabled car by simply breaking into the application which controls the onboard software. For instance, Russian researchers have managed to open car locks by simply hacking the application.


IoT Security Vulnerabilities


1. Default Login Credentials

As discussed above, most people have the default usernames and passwords on their IoT devices. Manufacturers often hide the change username and password options deep inside the user interface. Thus, making it out of sight for most users. It is one of the most common reasons why many people do not even bother to change the default setting. If every IoT-enabled device had a separate username and password, Mirai botnet would not have happened in the first place.


2. Lack of Software Updates

Most IoT device owners often fail to update the software that came by default on their devices. Therefore, if a software vulnerability exists on the device, there is very little anyone can do to prevent the device from getting compromised.


3. Communication Is Not Encrypted

Most IoT devices lack a basic encryption mechanism. Thus, failing to hide the data that is being transferred between the device and the central server. As a result, there is a chance that attackers might access your personal information.


Essentials to the Internet of Things (IoT) Security


E.164 numbering plan

E.164 is a simple international numbering plan developed by the ITU (International Telecommunications Union), for public telephone systems in which any number is following a clear and easy structure: A country code, known as “CC,” a national destination code or “NDC” and a subscriber number or “SN.” An E.164 number can be up to 15 digits.

Thanks to E.164 and its 15 digits in a number, we can have a high number of possible combinations, and that’s a good news because every human can contact any other human on earth on a unique phone number!

Let’s see some examples: You’re living in North America and your local phone number is 555-123-4567, this number isn’t in the E.164 format. The correct writing is : +1-555-123-4567 where: +1 designate your CC, 555 designate your NDC, And 123-4567 designate your SN.

In the E.164 phone number formatting the CC can have from 1 to 3 digits, if you are trying to call Mexico the CC will be +52, if you try to call Algeria the CC will be +213. Looking for a specific country code? You can find it in this list: https://countrycode.org/

As you can see, the E.164 is a worldwide standard for phone numbering plan, there is an evolution of the E.164 that is called ENUM, we’ll talk about it in other articles.


Essentials to the Internet of Things (IoT) Security


You want to know how to correctly dial to a specific country? Read VoIP.ms Wiki entry about Dialing Codes (https://wiki.voip.ms/article/Dialing_Codes) or contact our support team at [email protected].


______

For more information, visit us at
https://voip.ms or sign up now
to start making calls in under 5 minutes
at https://www.voip.ms/#Signup!
Retrieved from "https://wiki.voip.ms/article/Essentials_to_Internet_of_Things_Security"
Personal tools
Namespaces
Variants
Actions
VoIP.ms Wiki
Guides 🇨🇦
Guías 🇲🇽