Essentials to Internet of Things Security
From VoIP.ms Wiki
 |
|
Businesses are aware of the potential of IoT devices. Enterprises around the world have started to embrace the Internet of Things as a means for clearer processes and communication. IoT devices can provide businesses with actionable insights and data which is not easily attainable by any other technology. Yet, enterprises are struggling with the basics of IoT security. In this article, we will discuss the basics of IoT security. But before that, let us briefly discuss why the Internet of Things (IoT) security is important.
Importance of IoT Security
Approximately 150,000 compromised routers, cameras, and other devices were all enslaved into a single botnet, focusing on a single target. Manufacturers often use common usernames and passwords to protect the IoT device. So, in technicality, there were a few thousand password combinations that attackers had to figure out to compromise tens of thousands of smart devices for launching the DDoS attack. All it takes is a few lines of code from cyber-attackers to test each of those default passwords and the device will get compromised and enslaved within a few seconds. Of course, only if the user did not change the default password. To avoid such wide-scale cyber-attacks like the one caused by the Mirai botnet makes IoT security of paramount importance. Of course, botnets are not the only type of threats that businesses and individuals must be aware of. Researchers have proven in the past that it is also possible to take control of a physical IoT-enabled car by simply breaking into the application which controls the onboard software. For instance, Russian researchers have managed to open car locks by simply hacking the application.
As discussed above, most people have the default usernames and passwords on their IoT devices. Manufacturers often hide the change username and password options deep inside the user interface. Thus, making it out of sight for most users. It is one of the most common reasons why many people do not even bother to change the default setting. If every IoT-enabled device had a separate username and password, Mirai botnet would not have happened in the first place.
Most IoT device owners often fail to update the software that came by default on their devices. Therefore, if a software vulnerability exists on the device, there is very little anyone can do to prevent the device from getting compromised.
Most IoT devices lack a basic encryption mechanism. Thus, failing to hide the data that is being transferred between the device and the central server. As a result, there is a chance that attackers might access your personal information.
E.164 numbering plan E.164 is a simple international numbering plan developed by the ITU (International Telecommunications Union), for public telephone systems in which any number is following a clear and easy structure: A country code, known as “CC,” a national destination code or “NDC” and a subscriber number or “SN.” An E.164 number can be up to 15 digits. Thanks to E.164 and its 15 digits in a number, we can have a high number of possible combinations, and that’s a good news because every human can contact any other human on earth on a unique phone number! Let’s see some examples: You’re living in North America and your local phone number is 555-123-4567, this number isn’t in the E.164 format. The correct writing is : +1-555-123-4567 where: +1 designate your CC, 555 designate your NDC, And 123-4567 designate your SN. In the E.164 phone number formatting the CC can have from 1 to 3 digits, if you are trying to call Mexico the CC will be +52, if you try to call Algeria the CC will be +213. Looking for a specific country code? You can find it in this list: https://countrycode.org/ As you can see, the E.164 is a worldwide standard for phone numbering plan, there is an evolution of the E.164 that is called ENUM, we’ll talk about it in other articles.
______ For more information, visit us at |
