This article is a review of a very important topic that I believe was not enough to say so far so I decided to look at this topic a bit.
What is IoT?
This shortcoming was first used in 1999, at the peak of the dot-com balloon, to describe the network to which all things will be connected (originally conceived, using RFID technology). However, a dot-com balloon shot and the story of connecting all things died. However, by developing 3G and then 4G mobile networks as well as developing network technologies that have become cheaper and more resource-efficient today, you can use many devices over the network. Based on all of the above we can conclude that IoT is essentially any device that communicates over a network, wire, wi-fi or mobile. Today, billions of devices are an integral part of the Internet of Things platform and use built-in hardware and software to send and receive data across various communication protocols. Many dreams about “smart homes” where each device will function automatically and make life easier for us.
And now a little more technical
Internet of Things (IoT), also called the Internet of Everything (IoE), is made up of all the devices that can connect to the network and collect, send and function according to data collected from the environment using built-in sensors, processors and hardware communication. These devices, commonly referred to as “connected” or “smart”, may sometimes “talk” with other connected devices, in a process called machine-to-machine (M2M) communication, and work on the data obtained from one of other. But not all that great is probably the biggest challenge for IoT in the security field.
What is the biggest problem with IoT?
The first obvious thing is that we have come to our home to be endangered because we now have a lot of these devices in the home that can be easily misused as we have seen in the past couple of years. What is even more important is that there are IoT devices that we carry with us all the time and which can also be misused for various purposes. In addition to this, another great threat is smart toys for children who have a microphone, camera, and GPS in the room, and can, therefore, be abused, and the FBI also warned parents. If we look at business users and some things are complicated because today in industry 4.0 we have a large number of IoT devices that can also be abused and make huge financial damage to the company.
Who should take care of the security of the IoT device?
The greatest role in creating security of the IoT environment should be the manufacturers of such devices themselves, which is not the case today. We need to have a little understanding for them as they are in a completely different industry and security is one of the last things they have not encountered so far and the functionality of the devices themselves is at the forefront. Also, such firms generally do not have people employed to deal with this issue, which is a great cost to them because experts in this field are now expensive and looking for companies.
What is needed to improve?
- The first thing that would be needed is the process of automatic updating of software on IoT devices (this was once a problem with smartphones where it was unthinkable that such devices are updated regularly and today we consider it quite normal).
- The second thing is to take into account the implied user names and passwords for access to IoT devices, as it is commonly known that they are often used as a preconfigured order and password such as admin and more.
- The third thing is to take account of how to store user data on IoT devices, even though these hardware weak devices should consider how and where data is stored.
- The fourth thing is to introduce minimal cryptography to protect the transfer of data and protocols between the IoT devices (however, the biggest problem in the whole story is the lack of CPU power and memory on IoT devices, so it is necessary to develop and use less demanding algorithms)
- The fifth thing is the adoption of a unique operating system like IncludeOS which, unlike the Linux system, is now largely used much better by the resources of the device and has a much smaller attack surface because it is a type system.
What if the manufacturer did not do anything about the known security bug?
It would be logical if such a device returned to the manufacturer with the money you paid when you bought it. Imagine that your car has braking problems that the manufacturer can not afford, it would be quite logical for such a car to be replaced or to return the money. Unfortunately, there will be a lot of problems here, especially with a large number of producers from China, who in some markets do not even have authorized service and sales staff.