Since the inception of the Internet of Things (IoT), a slew of connected physical products has emerged, drastically changing the way consumers interact with electronics, home appliances, cars, and more. The production and use of IoT devices are increasing rapidly, and so are the dire consequences associated with them.
In the recent past, hackers have targeted every new technology or device that pops up, and IoT has not been spared. A recent vulnerability in a series of IoT chips was spotted by IBM’s X-Force Red hacking team. The flaw is said to leave billions of devices in the industrial, medical and commercial sectors at risk.
Red hat hackers are known as keen vigilantes in the hacking world; should a red hat find a malicious hacker, they would launch a full-scale attack. IBM’s X-Force Red hacking team is one such team, uncovering serious vulnerabilities in various sectors and forms.
The IBM-discovered security flaw affects Cinterion EHS8 M2M modules developed by French maker Thales. The company has been working with IBM since the discovery of the vulnerabilities in September last year. Thales has released a security patch for the affected devices, a TechHQ report stated.
Thales designed these Cinterion EHS8 M2M modules for industrial IoT machines to secure communication channels through 3G and 4G networks. The modules have been installed in sectors such as energy and medical, among others, over the last 10 years. Thales reported that its IoT devices connect more than 3 billion things every year worldwide and are used by 30,000 companies.
“These modules are mini circuit boards that enable mobile communication in IoT devices. More importantly, they store and run Java code often containing confidential information like passwords, encryption keys, and certificates,” researchers explained.
This vulnerability could do further damage across sectors. For instance, an attacker who penetrates a medical device could manipulate it to cover up concerning vital signs, overdose patients, create fake panic situations or, worse, disconnect essential life-saving functions.
Many IoT devices are known to have vulnerabilities because their low computational power and hardware limitations do not allow for built-in security. Weak passwords that cannot be changed and security sacrificed in order to be first to market are also factors that contribute to vulnerabilities.
Also, if an IoT vendor develops devices with insecure software libraries or components from an insecure source, the device is more likely to contain vulnerabilities that an attacker can discover.
It is important to note where an organization’s personal information is stored. If it is stored in an insecure environment, there is a greater chance that it will be compromised. Data encryption is a basic and mandatory method that can secure data in storage during processing.
For instance, the Cinterion module is equivalent to a “trustworthy digital lockbox”, where companies can securely store an array of secrets such as passwords, keys, operational codes and credentials. The newly discovered vulnerability allows an attacker to extract that secret data, researchers added.
According to a report by Hewlett Packard, 84% of organizations that have adopted IoT claim to have already experienced an IoT-related breach. That said, not all IoT devices fall victim to such flaws or vulnerabilities. What matters is how companies take measures to combat such attacks.
No new technology comes without flaws. IoT deployments risk leaving a back door wide open for attackers to exploit. As the growth of IoT continues, companies must adhere to tighter security controls in order to lock the door shut.
Understanding IoT’s massive impact on individual businesses is key to controlling the technology better. To do so, company leaders outside of the IT department must get to know its vulnerabilities and threats and understand their company’s IoT strategy.
Encrypting data is a major aspect of safekeeping data and transmissions, so that attackers cannot read any personal, proprietary, or confidential information held by an organization.
Changing default passwords or using password managers supports good password hygiene, which can prevent IoT devices from being exposed to vulnerabilities.
IoT vendors should consider two-factor authentication to make credentials harder to crack. Two-factor authentication increases the strength of credentials even further. This is especially useful against malware attacks that use known default credentials to gain quick access to IoT devices.
In this pandemic situation, as more employees work from home, IoT devices in their homes become prone to attacks that might eventually lead back to an organization’s sensitive information. Organizations that can afford to provide security tools to employees who have consumer IoT devices must do so to protect their networks.
Companies can also consider employing a hacker or hacker team to identify any security flaws from time to time. In the hacking community, hackers are identified by the color of their ‘hats’. For instance, white hat hackers are ethical hackers who can help companies spot vulnerabilities in systems and devise a solution to strengthen security.
IoT devices are set to be embedded in every aspect of our lives. Pretty soon, everything will be interconnected and analysed. Undoubtedly, IoT technology and its innovations should be called a boon. But since it connects all of these things to the internet, they are more likely to be exposed to vulnerabilities or security threats.
It is indeed every organization’s and individual’s responsibility to take IoT security seriously, as hackers can easily take advantage of these devices for nefarious reasons.
In the case of the vulnerable Thales IoT modules, IBM said that organizations should rethink what they store on IoT devices. They must also use ‘behavioral analysis’ to examine whether any unusual activity is occurring and hire ethical hackers to secure their networks.
Sources: TechHQ, IBM, Thales, Hewlett Packard
Sujha has been writing and reporting on cryptocurrencies and blockchain technology developments since 2014. Her work has appeared in CoinDesk, CCN, EconoTimes and Fintech News Malaysia. She is also an accomplished Indian classical singer and loves baking cakes.