Sunday, March 1, 2015

6 Ways How Hackers Can Exploit IoT Products

The world is moving to the Internet of Things (IoT), the concept promises better and simplified future. All industry leaders are entering in IoT. However there is a reason for caution. Researchers have provided that IoT is not very secure. A team of researchers from HP Fortify reviewed ten IoT connected home security systems and found that all of them are vulnerable. Today we have listed six reasons why IoT is not as secure.




1. More Connections: 

IoT is spreading exponentially. According to statistics, there will be over 4.9 billion IoT users this year. The predicted growth is 25 billion by 2020. This large number of users means there is a lot of different doorways in same system. Fortify researchers researches for months to find out what issues enterprises are facing with the rise of IoT, they tested 10 devices on multiple platforms and found 20 vulnerabilities per system. 

2. Not Secure: 

IoT also involves connected home security systems that provide all security features for home. This includes door, lock, window sensors, motion detectors, video cameras and their recording mechanism. All these systems are connected via cloud to a mobile device or web. Hackers can easily access home video cameras or control security systems remotely with such provision in IoT. 

3. Authentication and Authorisation: 

Poor authentication methods is another important reason why IoT devices can be target of hackers. Weak passwords, insecure PINs, poor credentials and other weaknesses can be used to gain access to the system. Fortify researchers also found out that systems cannot lock accounts after failed attempts of access. Hackers can guess credentials multiple times to gain access to the account. Implementation of two-factor authentication is important in IoT.

4. Transport Encryption: 

Transport Encryption is referred to the data encryption while it is traveling. Transport encryption is very important in today’s age of internet where we often share personal information and sensitive data. In case of IoT, all the information and data being transmitted is personal and sensitive. Transport encryption is very important in IoT products, without it, all home related cloud connections are open to all kinds of attacks.

5. Insecure Cloud Interfaces: 

Most of the IoT products are cloud based or they use cloud as communication server. 70 per cent of cloud interfaces for IoT that are being used have numerous issues. Hackers can easily identify the valid accounts using feedback received from reset password mechanism, credential input and sign up pages.

6. Insecure Mobile: 

Mobile application interfaces are widely used in IoT products. Mobile interfaces have same issue as cloud interfaces, they are potentially vulnerable for identifying valid user account though feedback received from reset password functionality. Statistics show that 50 per cent of IoT products involve insecure mobile interface. 

No comments:

Post a Comment