IoT security – the most common shortcomings

The security of IoT devices has been at the heart for some time, as it is affected by a number of security components that need to be kept in mind if we want to prevent attackers from accessing the devices and consequently the data.

While Internet security has improved dramatically over the last few decades, several important gaps in the ‘overall health’ of modern technologies have emerged. These gaps are most evident in embedded systems (embedded systems) and cloud services – both primary components of IoT technology. The security of IoT devices has been a concern for some time, and the inevitable consequence is both minor and major attacks. Most of these attacks originate from simple security deficiencies.

The most common security vulnerabilities of IoT devices

  1. Improper access control
    The services offered by the IoT device should only be accessible to the owner and users in their immediate environment who trust them.
  2. Large area of ​​attack
    The device may have an open door with services that are not strictly necessary for operation. An attack on such an unnecessary service could easily be prevented if the service is not enabled.
  3. Outdated software
    Once vulnerabilities in the software have been detected and resolved, it is important to extend the updated version to protect against the vulnerability.
  4. Lack of encryption
    When the device communicates in plain text, all the information exchanged with the client device or back-end service can be obtained by a ‘man in the middle’ (Man-in-the-Middle).
  5. Application vulnerabilities
    Software bugs can trigger functionality on a device that the developers did not anticipate.
  6. Lack of a trusted implementation environment
    Most IoT devices are actually general purpose computers that can run specific software. This allows attackers to install their software, with functionality that is not part of the normal operation of the device.
  7. Manufacturer’s safety action
    The safety position of a manufacturer often depends on whether it has a procedure is in place to properly address security issues.
  8. Insufficient privacy protection
    Devices installed on a wireless network store the password of that network.
  9. Ignorance of intrusion
    When the device is compromised, it continues to function normally from the user’s point of view.
  10. Insufficient physical security
    If attackers have physical access to the device, they can open the device and carry out an attack on the hardware.
  11. User interaction
    Manufacturers can promote the safe deployment of their devices by simplifying secure configuration.

The biggest security issues are undoubtedly related to access control and exposed services.

Learn more about security vulnerabilities and how to protect yourself >>

The article is prepared in collaboration with a partner SMART COM doo
For more information, see SMART COM doo
When contacting, tell us that you found the post in Computer news.


Source: Računalništvo, telefonija – Računalniške novice by racunalniske-novice.com.

*The article has been translated based on the content of Računalništvo, telefonija – Računalniške novice by racunalniske-novice.com. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!