5 Security Woes of IoT

By LEIA SHILOBOD – CEO of InTech Solutions

As the Internet of Things (IoT) becomes more widespread in manufacturing environments to increase productivity and automation, manufacturers must be aware of the security risks or face the potentially catastrophic consequences.

Who would think a sensor on a manufacturing line or security camera would pose a threat to a network? Can a simple little device REALLY spell disaster for a business?

Yes. Yes it can!

Some companies truly don’t understand the risks; others choose to be willfully blind and say, “It won’t happen to me.”

Here are 5 ways IoT devices pose security risks to business networks:

Firmware Vulnerabilities. Many OEM’s aren’t building IoT devices with security in mind, and program them with firmware that contains known vulnerabilities. Other times, the devices are shipped with secure firmware, but vulnerabilities are discovered over time. If an OEM doesn’t publish a patch or makes it nearly impossible to update the firmware, the device will remain insecure. In some cases, the devices are even shipped with spyware built in.

Insecure Communication.  Many IoT devices pass sensitive information across networks without encryption or authentication mechanisms. When information is passed through a network or the internet insecurely it can be intercepted, and the data stolen or manipulated.

Vulnerabilities = Susceptibility to Malware. Those vulnerabilities mentioned above allow hackers to inject malware. A favored hacker method of leveraging IoT is massive botnet-powered distributed denial-of-service (DDoS) attacks, using YOUR IoT network as a weapon to shut down websites or other cloud services.

Potential for Production or Service Disruption. We’ve seen an uptick in hackers compromising IoT and operational network and manipulate data which trigger false signals or suppress alarms. In turn, this misinformation causes plant operators to take actions that can be damaging to productivity, or even dangerous. For instance, data on a sensor attached to a remote gas pump could be manipulated to suppress alarms indicating failure, causing a disaster.

Insecure Integrations. Every system is only as secure as its weakest link. We are too trusting of every piece of software we currently use or is offered up by a vendor. If best practices in app dev are not followed, these integrations can blow a wide whole in the security of systems.

But the benefits of leveraging IoT cannot be argued. What should manufacturers do to decrease the risks posed by IoT?

• Start with choosing technology that can be secured. Seek out IoT vendors and implementors who put security ahead of producing a product at a low cost.
• Choose OEMs who will provide firmware patches and updates.
• Ask if the devices come with hardcoded passwords. If each device is deployed with strong, unique hard coded passwords you can give it a greenlight. If they are simple and easily guessable, pass on the vendor.
• If you can change the default passwords on the devices and/or controllers or software that integrate with the devices, change the passwords. (I have hacked into the security camera systems at manufacturing plants easily because of insecure systems and default passwords. It’s actually hard to call it a ‘hack’ since it was way too easy)
• Turn a sharp eye on what web services, API’s, cloud software or mobile apps integrate or interface with these devices and question their security and redundancy
• Implement vLANing (virtual local area networks) to segregate the IoT network so if it IS hacked, the compromise will be contained.

As a cyber security advisor, Leia speaks frequently at venues and events such as Harvard, Pennsylvania State Department events, and Accounting and Manufacturing industry events.

Also known as the “IT Princess of Power,” Leia saves mid-market firms from hackers and keeps them compliant by delivering enterprise-class IT security solutions that would otherwise be cost prohibitive.