Internet of Things & Glitches in its Security -

Adheeb M S

The Internet of things or IoT has been influencing our life style already with or without our
knowledge. Since the advent of smartphone and its penetration into our lives we rely on it for
most of our activities relating to “internet”. So in a way we may presume, that smartphone
devices played a major role in the inception of IoT.
IOT has been a major player in impelling our lifestyle by the way we react to way we behave.
From a smartwatch which tracks you day to day activity, to a Tesla or smartphone which can
provide you the shortest route to your workplace or an Alexa or Google home device which can
setup your home ambience before you reach back. Interconnected smart appliances can cross-
communicate via a common platform like the smart home devices so that from a home’s
lighting to the core temperature to the physical security of the place would fall under the belt
of home automation.
IoT is a giant network with connected devices. These devices would gather & share data about
how they are used and the environment in which they are operated. So sensors help in
achieving this feat. The embedded sensors from all the physical & smart appliances would be
continuously gathering & emitting data. IoT’s common platform allows all the devices to dumb
data. IoT platform integrates the collective data and post data analytics and information
extracted as per requirement.
Now when there are a whole bunch of independent devices connected to internet with
dynamic user profile, security becomes an issue. A recent report from Zscaler suggested that
almost 90% of data transactions on IoT devices are encrypted. This took into account millions of
connections from IoT devices present on enterprise network and found that over 40% of them
are via unencrypted traffic. Meaning a large number is exposed to man-in the middle (MitM)
attacks where hackers in a position to intercept traffic can steal or manipulate their data.
This arises due to the IoT devices missing some of the core security features which are present
in our PCs, Laptops & smartphones like firewalls, antivirus etc. The DDoS Cyberattack on Dyn
way back in 2016 is a keen example for this. A series of distributed denial-of-service attacks
[DDoS] targeting systems operated by Domain Name system provider Dyn. This caused major
internet platforms and services outage to a large swathes of users in Europe & North America.
Amazon.com, Twitter, HBO, Netflix BBC, Spotify were some of the major players which faced
outage due to this attack. In this case, DDoS attack was accomplished through a large number
of DNS look requests from tens of millions of IP addresses. A large number of internet
connected devices enacted as the medium for this attack. Particularly using IP cameras and
network attached storages. The devices were infected with Mirai malware – which turned the
networked devices to remotely controlled “bots”. These bots were later used as a part of a
botnet in the large scale network attacks.
When we use a PC, it’s secured by the firewalls, antiviruses and other security features in-built
to them. Most of this IoT devices are having less to No security whatsoever. Even some of them
having default logins with admin – admin credentials.