Security is a ‘state of mind’ and not an end state. This is a popular philosophical thought, but what it overlooks is the investment that security requires. IoT has exploded with the arrival of new smart tech gadgets. Though businesses today exercise security and safety measures within their organizations, it isn’t easy to keep upgrading an organization’s infrastructure to encompass these technology updates. Reverse engineering of systems has always been the key to unlocking backdoors and capitalizing on security vulnerabilities. The best example of such a scenario is the 2016 MIRAI botnet attack. The attack caused massive DDoS attacks on large enterprises, Atlanta’s city administration and the ATL airport. IoT still lacks immunity against ransomware attacks and many new age cyberattacks.
In a nutshell, the dictionary of attacks is ever-expanding. New devices keep joining the IoT ecosystem, and tons of sensitive data are channeled through them each day. Security has thus taken center stage in the IoT world, specifically during these crisis times, to tighten all the loose ends of modern state-of-the-art infrastructure and legacy technologies.
‘Security to the core’ has become a must in IoT because of the increased attack surface: web interfaces, crypto methods, outdated firmware, interception of unencrypted comms, and the quite common clear text passwords. Hence security must be embedded throughout the IoT supply chain. The landscape of attacks has widened significantly across both hardware and software. A software attack follows the usual protocol of getting access to the firmware and analyzing it with a few attacker tools. A few popular techniques are binary reversing with tools like IDA Pro, finding bugs using Flawfinder, examining firmware with FACT, web testing with ZAP or GoBuster, and debugging with GDB. Hardware attacks fall mainly into non-invasive attacks, which provide no chip access and only have external signals to intercept; semi-invasive attacks, which provide limited access to the hardware; and fully invasive attacks, with full access to the hardware. The most practiced non-invasive attacks are hardware fuzzing, timing attacks, hardware glitching, and power analysis aimed towards crashing the device. Semi-invasive attacks involve light emission analysis, which provides a photonic image of the chipset PCB, while fully invasive attacks are conducted by linear code extraction.
Industry reports predict mixed impacts of COVID-19 on the IoT market. From the technology perspective, enterprises are looking at CAPEX reduction over the short term and at automating processes to make supply chain and manufacturing more flexible over the long term. Specific IoT applications like remote asset tracking, drones, healthcare, and smart cities with easy-to-install IoT solutions will see an uptake over the coming weeks. A few recent developments have come from digital health, such as Kiska’s connected thermometers, Telehealth’s remote diagnosis and AI-enabled smart helmets; connected building applications like a video camera with facial recognition and temperature scanning; driverless delivery and street disinfectant technologies; and drone companies offering disinfectant spraying and meal deliveries. The challenge will come from the demand side rather than the supply side over the coming few months across the market areas below.
From the industrial IoT side, APAC is expected to lead the push for industrial automation, specifically in affected countries like China, Japan and South Korea, while EMEA and the Americas will progress gradually. Business models will shift from selling hardware to selling services, and the same will hold for the IoT and security markets. Industry experts suggest that adopting an outcome-based business model, along with free access to services through proof-of-concept projects, can yield better returns over the long run. Current challenges in IIoT implementation are a lack of employee skills and knowledge, legacy equipment and infrastructure, and the ability to collect operational data and derive results from it. Healthcare and telehealth markets are looking at a reduced cost of in-person visits and increased adoption of new tools for detecting temperature and social distancing. The entire supply chain is looking to gain insights from inventory and customer demand data, exploring new technology options like Blockchain. The focus on security has increased multi-fold, emphasizing the need for safety across hospitals and connected medical devices because of issues like device upgrades and unsecured legacy infrastructure. Corporate and home networks have collided, giving a push to the expansion of remote working environments with secured network connections for desktops, VPNs, and industrial control systems, as both industrial and critical infrastructure are in danger of cyberattacks. Hence there has been a push for the ‘secure by design’ principle in setting up new technology plans. Some real-life IIoT attacks are UART access, where the device usually boots into a particular console; U-Boot, which allows access to the bootloader shell; command injection, which downgrades the device to older firmware; and EEPROM reading.
A few best practices are timely checks for stack overflows, avoiding SQL injection in web servers, updating firmware over TLS with crypto-signatures, securing sensitive data with token-based identity management, hardening toolchains and libraries, keeping the kernel and frameworks up to date, and devising threat modeling with IDS. Enterprises have been focusing widely on the different facets of IoT security throughout the supply chain, right from chip manufacturing to device assembly.
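The signed-firmware practice above, combined with the firmware-downgrade attack mentioned earlier, as an added Go example that is not from the original article: a device-side check that rejects an update whose manifest signature, image digest or version is wrong. The `Manifest` layout, the function names and the sample data are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical descriptor (assumed layout); signed as "version:hex(digest)".
type Manifest struct {
	Version uint32   // monotonically increasing release number
	Digest  [32]byte // SHA-256 of the firmware image
}

func (m Manifest) signedBytes() []byte {
	return []byte(fmt.Sprintf("%d:%x", m.Version, m.Digest))
}

var ErrSignature = errors.New("manifest signature invalid")
var ErrDigest = errors.New("image does not match signed digest")
var ErrRollback = errors.New("version not newer than installed firmware")

// VerifyUpdate checks the signature, then the image digest, then anti-rollback.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, image []byte, installed uint32) error {
	switch {
	case !ed25519.Verify(pub, m.signedBytes(), sig):
		return ErrSignature
	case sha256.Sum256(image) != m.Digest:
		return ErrDigest
	case m.Version <= installed:
		return ErrRollback
	}
	return nil
}

// runSamples uses constructed data: a throwaway key pair and a fake image.
func runSamples() [4]error {
	pub, priv, _ := ed25519.GenerateKey(nil)
	img := []byte("constructed firmware image")
	m := Manifest{Version: 7, Digest: sha256.Sum256(img)}
	sig := ed25519.Sign(priv, m.signedBytes())
	return [4]error{
		VerifyUpdate(pub, m, sig, img, 6), // device on v6: accepted
		VerifyUpdate(pub, m, sig, img, 8), // device on v8: genuine but older release
		VerifyUpdate(pub, Manifest{Version: 9, Digest: m.Digest}, sig, img, 8), // version edited, not re-signed
		VerifyUpdate(pub, m, sig, append(img, 0), 6), // image altered after signing
	}
}
func main() { fmt.Println(runSamples()) }
```

Because the version is inside the signed bytes, a correctly signed old release fails only the rollback check, and editing the version to pass that check breaks the signature instead.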