IoT hacking can be extremely effective, producing DDoS attacks that can cripple our infrastructure, systems, and way of life. ... Malicious hackers can launch attacks and infiltrate thousands or millions of unsecured devices, crippling infrastructure, downing networks, or gaining access to private information.

Module Objectives

IoT has evolved from the convergence of wireless technology, micro-electromechanical systems, micro-services, and the Internet. IoT solutions are applied in different sectors of industry such as healthcare, building management, agriculture, energy, and transportation. Many organizations are driving the Internet of Things transformation. IoT devices such as wearables, industrial appliances, connected electronic devices, smart grids, and smart vehicles are becoming part of interconnected networks. These devices generate huge amounts of data that are collected, analyzed, logged, and stored on the networks.

The Internet of Things has introduced a range of new technologies with associated capabilities into our daily lives. As IoT is an evolving technology, the immaturity of the technologies and services provided by various vendors will have a broad impact on organizations, leading to complex security issues. IoT security is difficult to ensure because the devices use simple processors and stripped-down operating systems that may not support sophisticated security approaches. Organizations using these devices as part of their network need to protect both the devices and the information from attackers.

At the end of this module, you will be able to:

■ Explain IoT concepts

■ Understand different IoT threats and attacks

■ Describe IoT hacking methodology

■ Use different IoT hacking tools

■ Apply countermeasures to protect devices from IoT attacks

■ Use different IoT security tools

■ Perform IoT penetration testing

IoT Concepts

The Internet of Things (IoT) is an important and emerging topic in technology, economics, and society in general. It refers to the web of connected devices made possible by the intersection of machine-to-machine communications and big data analytics. The IoT is a future-facing development of the Internet and of the abilities of physical devices that is gradually narrowing the gap between the virtual world and the physical world. This section deals with some of the important IoT concepts one should be familiar with in order to understand the advanced topics covered later in this module.


What is IoT?

The Internet of Things (IoT), also known as the Internet of Everything (IoE), refers to web-enabled computing devices that have the capability of sensing, collecting, and sending data using sensors, communication hardware, and processors embedded within the device. In IoT, a "thing" is a device implanted in a natural, man-made, or machine-made object that has the functionality of communicating over the network. IoT utilizes existing and emerging technology for sensing, networking, and robotics, allowing the user to achieve deeper analysis, automation, and integration within a system.

With the increase in the networking capabilities of machines and everyday appliances used in different sectors such as offices, homes, industries, transportation, buildings, and wearable devices, a world of opportunities opens up for the betterment of business and better customer satisfaction. Some of the key features of IoT are connectivity, sensors, artificial intelligence, small devices, and active engagement.

How IoT Works

IoT technology includes three primary systems, the IoT devices, the gateway system, and cloud data storage, along with remote control using mobile apps. These systems together make communication between two endpoints possible. Discussed below are some of the important components of IoT technology that play an essential role in the working of an IoT device:

■ Sensing Technology: Sensors embedded in the devices sense a wide variety of information from their surroundings, such as temperature, gases, location, and the working of industrial machines, as well as health data of a patient.

■ IoT Gateways: Gateways bridge the gap between the IoT device (internal network) and the end user (external network), allowing them to connect and communicate with each other. The sensors in IoT devices send the collected data to the concerned user or cloud through the gateway.

■ Cloud Server/Data Storage: After travelling through the gateway, the collected data arrives at the cloud, where it is stored and analyzed. The processed data is then transmitted to the user, who takes action based on the information received.

■ Remote Control using Mobile App: The end user uses remote controls such as mobile phones, tablets, laptops, etc. with a mobile app installed to monitor, control, retrieve data from, and take specific actions on IoT devices from a remote location.

Example:

1. A smart security system installed in a home is integrated with the gateway, which in turn connects the device to the Internet and the cloud infrastructure.

2. The data storage in the cloud holds information about each and every device connected to the network. This includes the device's id, the present status of the device, who accessed the device and how many times, and how long the device was accessed last time.

3. The connection with the cloud server is established through web services.

4. The user on the other side, who has the required app on his mobile phone to access the device remotely, interacts with the app, which in turn lets him interact with the devices at home. Before accessing the device, he is asked to authenticate himself. If the credentials he submits match those saved in the cloud, he is granted access; otherwise, access is denied, ensuring security. The cloud server identifies the device's id and sends a request to that device through the gateway.

5. If the security system that is currently recording footage at home senses any unusual activity, it sends an alert to the cloud through the gateway. The cloud matches the device's id to the user associated with it, and finally the end user gets an alert.
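The five steps above, modelled cloud-side in Python as an added example (not code from the original module): credentials are stored as salted PBKDF2 hashes rather than in clear text, repeated failures lock the account, and commands and alerts are routed by device id through a gateway object. The Gateway and CloudBackend classes and the sample user and device names are constructed.

```python
"""Cloud-side model of the smart security system flow described above.

Added example, not part of the original module. The Gateway and CloudBackend
classes and the sample users and devices are constructed for illustration.
"""
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 900


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256: the cloud stores this, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class Gateway:
    """Bridge between the cloud (external network) and the home devices (internal)."""

    def __init__(self) -> None:
        self.devices = {}   # device_id -> state
        self.sent = []      # (device_id, command) pairs delivered to devices

    def register(self, device_id: str) -> None:
        self.devices[device_id] = {"status": "recording", "last_access": None}

    def deliver(self, device_id: str, command: str) -> bool:
        if device_id not in self.devices:
            return False
        self.sent.append((device_id, command))
        self.devices[device_id]["last_access"] = time.time()
        return True


class CloudBackend:
    """Holds credentials, device ownership and the per-device access history (step 2)."""

    def __init__(self, gateway: Gateway) -> None:
        self.gateway = gateway
        self.users = {}         # username -> credential record
        self.device_owner = {}  # device_id -> username
        self.access_log = []    # (username, device_id) for each successful command
        self.alerts = []        # (username, message) delivered to end users

    def add_user(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest, "failures": 0, "locked_until": 0.0}

    def enroll_device(self, device_id: str, owner: str) -> None:
        self.device_owner[device_id] = owner
        self.gateway.register(device_id)

    def authenticate(self, username: str, password: str, now: Optional[float] = None) -> bool:
        """Step 4: compare the submitted credentials with the stored hash.

        Repeated failures lock the account for a while, so default or weak
        credentials cannot simply be guessed at will.
        """
        now = time.time() if now is None else now
        rec = self.users.get(username)
        if rec is None or now < rec["locked_until"]:
            return False
        _, digest = hash_password(password, rec["salt"])
        if hmac.compare_digest(digest, rec["hash"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILED_ATTEMPTS:
            rec["locked_until"] = now + LOCKOUT_SECONDS
        return False

    def send_command(self, username: str, password: str, device_id: str, command: str) -> bool:
        """Step 4: only the authenticated owner of a device may reach it, via the gateway."""
        if not self.authenticate(username, password):
            return False
        if self.device_owner.get(device_id) != username:
            return False
        self.access_log.append((username, device_id))
        return self.gateway.deliver(device_id, command)

    def receive_alert(self, device_id: str, message: str) -> bool:
        """Step 5: match the device id to its user and forward the alert."""
        owner = self.device_owner.get(device_id)
        if owner is None:
            return False
        self.alerts.append((owner, message))
        return True


if __name__ == "__main__":
    gw = Gateway()
    cloud = CloudBackend(gw)
    cloud.add_user("alice", "correct horse battery staple")
    cloud.enroll_device("cam-01", "alice")
    print(cloud.send_command("alice", "correct horse battery staple", "cam-01", "arm"))  # True
    print(cloud.send_command("alice", "wrong password", "cam-01", "disarm"))             # False
    cloud.receive_alert("cam-01", "motion detected in hallway")
    print(cloud.alerts)
```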


IoT Architecture

The Internet of Things architecture includes several layers starting from the Application layer at the top to the Edge Technology Layer at the bottom. These layers are designed in such a way that they can meet the requirements of various sectors like societies, industries, enterprises, governments, etc. The functions performed by each layer in the architecture are given below:

■ Edge Technology Layer

This layer consists of all the hardware parts such as sensors, RFID tags, readers, other soft sensors, and the device itself. These entities are the primary data sensors deployed in the field for monitoring or sensing various phenomena. This layer plays an important part in data collection and in connecting devices within the network and with the server.

■ Access Gateway Layer

This layer helps to bridge the gap between two endpoints such as a device and a client. The very first data handling also takes place in this layer. It carries out message routing, message identification, and subscribing.

■ Internet Layer

This is a crucial layer as it serves as the main component in carrying out the communication between two endpoints, such as device-to-device, device-to-cloud, device-to-gateway, and back-end data sharing.

■ Middleware Layer

This is one of the most critical layers and operates in two-way mode. As the name suggests, this layer sits between the application layer and the hardware layer, behaving as an interface between the two. It is responsible for important functions such as data management and device management, and for issues such as data analysis, data aggregation, data filtering, device information discovery, and access control.

■ Application Layer

This layer, placed at the top of the stack, is responsible for the delivery of services to the respective users from different sectors such as building, industrial, manufacturing, automobile, security, healthcare, etc.


IoT Application Areas and Devices

Internet of Things devices have a wide range of applications. They are used in almost every sector of society to simplify routine work and personal tasks, thus improving the standard of living. IoT technology is found in smart homes and buildings, healthcare devices, industrial appliances, transportation, security devices, the retail sector, etc.


Some of the applications of IoT devices are as follows:

■ Smart devices connected to the Internet that provide different services to end users, including thermostats, lighting systems, security systems, and several other systems that reside in buildings.

■ In the healthcare and life science sectors, devices such as wearables, health monitoring devices such as implanted heart pacemakers, ECG/EKG, surgical equipment, telemedicine, etc.

■ The Industrial Internet of Things (IIoT) is capturing new growth through three approaches: increasing production to boost revenues, using intelligent technology that is entirely changing the way goods are made, and creating new hybrid business models.

■ Similarly, using IoT technology, the transportation sector follows the concept of vehicle-to-vehicle, vehicle-to-roadside, and vehicle-to-pedestrian communication, thus improving traffic conditions, navigation systems, and parking schemes.

■ IoT in retail is mainly used in payments, advertisements, and tracking or monitoring products, thus protecting them from theft and loss and thereby increasing revenue.

■ In IT and networks, IoT devices mainly consist of various office machines such as printers, fax machines, and copiers, as well as monitoring of PBXs, thus improving communication between endpoints and providing an easy way of sending data across long distances.

IoT Technologies and Protocols

The IoT includes a wide range of new technologies and skills. The challenging problem in the IoT space is the immaturity of the technologies, of their associated services, and of the vendors providing them. This poses a key challenge for organizations exploiting the IoT. For successful communication between two endpoints, IoT primarily relies on standard networking protocols.

The major communication technologies and protocols, classified by the range between the source and the destination, are as follows:

Short Range Wireless Communication

■ Bluetooth Low Energy (BLE): Bluetooth LE or Bluetooth Smart is a wireless personal area network technology. It is designed to provide applications in various sectors such as healthcare, security, entertainment, fitness, etc.

■ Light-Fidelity (Li-Fi): Li-Fi is like Wi-Fi with only two differences: the mode of communication and the speed. Li-Fi is a Visible Light Communications (VLC) system that uses common household light bulbs for data transfer at a very high speed of 224 Gbps.

■ Near-field Communication (NFC): NFC is a type of short-range communication that uses magnetic field induction to enable communication between two electronic devices. It is mainly used in contactless mobile payment, social networking, and identification of documents or products.

■ QR Codes and Barcodes: These codes are machine-readable tags that contain information about the product or item to which they are attached. A Quick Response code or QR code is a two-dimensional code that stores product information and can be scanned using smartphones, whereas barcodes come in both one-dimensional (1D) and two-dimensional (2D) forms.

■ Radio Frequency Identification (RFID): RFID stores data in tags that are read using electromagnetic fields. RFID is used in many sectors like industrial, offices, companies, automobile, pharmaceuticals, livestock and pets.

■ Thread: Thread is an IPv6-based networking protocol for IoT devices. Its main aim is home automation, so that the devices can communicate with each other on local wireless networks.

■ Wi-Fi: Wi-Fi is a technology that is widely used in wireless local area networking (LAN). Presently, the most common Wi-Fi standard used in homes or companies is 802.11n, which offers a maximum speed of 600 Mbps and a range of approximately 50 meters.

■ Wi-Fi Direct: It is used for peer-to-peer communication without the need for a wireless access point. Wi-Fi Direct devices start communicating only after deciding which device will act as the access point.

■ Z-Wave: Z-Wave is a low power, short-range communication designed primarily for home automation. It provides a simple and reliable way to wirelessly monitor and control household devices like HVAC, thermostat, garage, home cinema etc.

■ ZigBee: It is another short-range communication protocol, based on the IEEE 802.15.4 standard. ZigBee is for devices that transfer data infrequently at a low data rate in a restricted area and within a range of 10-100 meters.

Medium Range Wireless Communication

■ HaLow: It is another variant of the Wi-Fi standard that provides extended range, making it useful for communications in rural areas. It offers low data rates, thus reducing the power and cost of transmission.

■ LTE-Advanced: LTE-Advanced is a standard for mobile communication that provides enhancements to LTE, focusing on providing higher capacity in terms of data rate, extended range, efficiency, and performance.

Long Range Wireless Communication

■ LPWAN: Low Power Wide Area Networking (LPWAN) is a type of wireless telecommunication network, designed in such a way so as to provide long-range communications between two end points. Available LPWAN protocols and technologies include:

o LoRaWAN: Low Power Wide Area Network (LoRaWAN) is used to support applications such as mobile, industrial machine-to-machine, and secure two-way communications for IoT devices, smart cities, and healthcare applications.

o Sigfox: It is used in devices that have a small battery and need to transfer low volumes of data.

o Neul: It is used in a tiny part of the TV white space spectrum to deliver high quality, high power, high coverage and low-cost networks.

■ Very Small Aperture Terminal (VSAT): VSAT is a communication protocol that is used for data transfer using small dish antennas for both broadband data and narrowband data.

■ Cellular: Cellular is a type of communication protocol used for communication over longer distances. It is used to send high-quality data, but at the cost of being expensive and consuming a lot of power.

Wired Communication

■ Ethernet: Ethernet is the most commonly used type of network protocol today. It is a type of LAN (Local Area Network) which refers to a wired connection of computers in a small building, office or on a campus.

■ Multimedia over Coax Alliance (MoCA): MoCA is a type of network protocol that delivers high-definition home video and related content over the existing coaxial cable.

■ Power-line Communication (PLC): It is a type of protocol where electrical wires are used to transmit power and data from one endpoint to another. PLC is used for applications in different areas such as home automation, industrial devices, and broadband over power lines (BPL).

IoT Operating Systems

IoT devices consist of both hardware and software components. Hardware components include end devices and gateways, whereas the software part includes operating systems. Due to the increase in production of hardware components (gateways, sensor nodes, etc.), traditional IoT devices that previously ran without an OS started adopting new OS implementations that are specially programmed for IoT devices. These operating systems provide connectivity, usability, and interoperability to the devices.

Given below are some of the operating systems used by IoT devices:

■ RIOT OS: It has low resource requirements and uses energy efficiently. It is able to run on embedded systems, actuator boards, sensors, etc.

■ ARM mbed OS: It is mostly used for low-powered devices such as wearable devices.

■ RealSense OS X: It is used in Intel's depth sensing technology. Therefore, it is implemented in cameras, sensors, etc.

■ Nucleus RTOS: Primarily used in aerospace, medical, and industrial applications.

■ Brillo: It is an Android-based embedded OS, used in low-end devices such as thermostats.

■ Contiki: It is used in low-power wireless devices such as street lighting, sound monitoring systems, etc.

■ Zephyr: It is used in low-power and resource-constrained devices.

■ Ubuntu Core: Also known as Snappy, it is used in robots, drones, edge gateways, etc.

■ Integrity RTOS: Primarily used in the aerospace or defense, industrial, automotive, and medical sectors.

■ Apache Mynewt: It supports devices that work on the Bluetooth Low Energy protocol.

IoT Communication Models

IoT technology uses different technical communication models each having its own characteristics. These models highlight the flexibility in the way these IoT devices can communicate with each other or with the client. Discussed below are four communication models and key characteristics associated with each model:

■    Device-to-Device Communication Model

In this type of communication, connected devices interact with each other through the Internet, but mostly they use protocols such as ZigBee, Z-Wave, or Bluetooth. Device-to-Device communication is most commonly used in smart home devices such as thermostats, light bulbs, door locks, CCTV cameras, fridges, etc., where these devices transfer small data packets to each other at a low data rate. This model is also popular in communication between wearable devices. For example, an ECG/EKG device attached to the body of a patient will be paired to his/her smartphone and will send him/her notifications in an emergency.

■    Device-to-Cloud Communication Model

In this type of communication, devices communicate with the cloud directly rather than directly communicating with the client in order to send or receive the data or commands. It uses communication protocols such as Wi-Fi or Ethernet and sometimes uses Cellular as well.

A case for Wi-Fi based Device-to-Cloud communication would be a CCTV camera which can be accessed on the smartphone from a remote location. In this scenario the device (here CCTV camera) cannot directly communicate with the client, rather it first sends data to the cloud and then if the client inputs correct credentials, he is then allowed to access the cloud which in turn allows him to access the device at his home.

■    Device-to-Gateway Communication Model

In Device-to-Gateway communication, the IoT device communicates with an intermediate device called a gateway, which in turn communicates with the cloud service. This gateway device could be a smartphone or a hub that acts as an intermediate point and also provides security features and data or protocol translation. The protocols generally used in this mode of communication are ZigBee and Z-Wave.

If the application layer gateway is a smartphone, then it might take the form of an app that interacts with an IoT device and with the cloud. Such a device might be a smart TV that connects to the cloud service through a mobile phone app.

■    Back-End Data-Sharing Communication Model

This type of communication model extends the device-to-cloud communication type so that the data from the IoT devices can be accessed by authorized third parties. Here devices upload their data to the cloud, where it is later accessed or analyzed by the third parties. An example of this model would be an analyst who analyzes the yearly or monthly energy consumption of a company. Later the analysis can be used to bring down the company's expenditure on energy by following certain energy harvesting or saving techniques.

Challenges of IoT

IoT technology is growing so quickly that it has become ubiquitous. With lots of applications and features but a lack of basic security policies, IoT devices today are easy prey for hackers. In addition, upgrades to IoT devices have introduced new security flaws that can easily be exploited by hackers. To overcome this big issue, manufacturing companies should consider security the top priority, starting with planning and design and all the way through deployment, implementation, management, and maintenance.

Discussed below are some of the challenges of IoT devices that make them vulnerable to many threats:

■ Lack of Security and Privacy: Most IoT devices today, such as household devices, industrial devices, healthcare devices, automobiles, and so on, are connected to the Internet and contain important and confidential data. These devices lack even basic security and privacy policies, and hackers exploit this lack to carry out malicious activity.

■ Vulnerable Web Interfaces: Many IoT devices come with embedded web server technology that makes them vulnerable to attacks.

■ Legal, Regulatory, and Rights Issues: Due to the interconnection of IoT devices, certain security issues are raised that no existing laws address.

■ Default, Weak, and Hardcoded Credentials: One of the most common reasons for cyber attacks on IoT is its authentication system. These devices usually come with default and weak credentials, which can easily be exploited by a hacker to gain unauthorized access to the device.

■ Clear Text Protocols and Unnecessary Open Ports: IoT devices lack encryption during transmission of data, which at times makes them use protocols that transmit data in clear text, in addition to having unnecessary open ports.

■ Coding Errors (Buffer Overflow): Most IoT devices today have embedded web services that are subject to the same vulnerabilities that are commonly exploited on web service platforms. As a result, updating such functionality may give rise to issues such as buffer overflows, SQL injection, etc. within the technology infrastructure.

■ Storage Issues: IoT devices generally come with smaller data storage capacity, but the data collected and transmitted by the devices is limitless. This gives rise to data storage, management, and protection issues.

■ Difficult to Update Firmware and OS: Upgrading firmware is an essential step towards countering vulnerabilities in a device, but such an upgrade may break the device's functionality. For this reason, developers or manufacturing companies may hesitate or even refuse to get product support or make adjustments during the development phase of their products.

■ Interoperability Standard Issues: One of the biggest obstacles for IoT devices is the interoperability issue, which is key to the viability and long-term growth of the entire IoT ecosystem. The issues that arise due to lack of interoperability in IoT devices are the inability of manufacturers to test APIs using common methods and mechanisms, their inability to secure devices using software from third parties, and their inability to manage and monitor devices using a common layer.

■ Physical Theft and Tampering: Physical attacks on IoT devices include tampering with the devices to inject malicious code or files that make the device work the way the attacker wants, or making hardware modifications to the devices. Counterfeiting of devices may also be an issue when there is no proper physical protection to shield the devices.

■ Lack of Vendor Support for Fixing Vulnerabilities: The firmware of the devices has to be upgraded in order to protect the devices against certain vulnerabilities, but vendors are hesitant, or usually refuse, to give third parties access to their devices.

■ Emerging Economy and Development Issues: The widespread opportunities of IoT devices in every field add multiple layers of complexity for policy makers. The new environment of these devices adds a new dimension for policy makers, who would have to design new blueprints and policies for IoT devices.


Threat vs Opportunity

If MISCONFIGURED and MISAPPREHENDED, IoT poses an unprecedented risk to personal data, privacy, and safety. If APPREHENDED and PROTECTED, IoT will boost transmissions, communications, delivery of services, and standard of living.

The threats of IoT can be listed in three primary categories: Security, Privacy, and Safety. All these categories are interrelated, as they deal with the same device and its connectivity. The importance of these categories can be understood from the fact that IoT devices are fast becoming more pervasive in our lives than smartphones and will have access to the most confidential or sensitive personal information, such as health records, financial records, and social security numbers.

For instance, when it comes to smart mobiles or tablets we have only a couple of concerns, while if we possess an IoT device the concerns quickly multiply in number. Therefore, considering what IoT devices can access, security, privacy, and safety are of paramount importance.

If these three categories of threat are prioritized and a number of required techniques are followed in order to overcome these issues then it will result in enhanced and secure communication between two endpoints, fewer cyber-attacks on the devices, good user experience and will also result in cost savings and efficiency gains.


IoT Attacks

Attackers implement various techniques to launch attacks on target IoT devices or networks. This section discusses the top IoT threats along with the basic types of IoT attack vectors and techniques, including DDoS attacks, attacks on HVAC systems, rolling code attacks, BlueBorne attacks, jamming attacks, etc.

IoT Security Problems

Potential vulnerabilities in the IoT system can result in major problems for the organizations. Most of the IoT devices come with security issues such as absence of proper authentication mechanism or use of default credentials, absence of lock-out mechanism, absence of strong encryption scheme, absence of proper key management systems, improper physical security, etc.

OWASP Top 10 IoT Vulnerabilities and Obstacles (Source: https://www.owasp.org)

The OWASP top 10 IoT vulnerabilities are listed below:

■ Insecure Web Interface

Insecure web interface occurs when certain issues arise such as weak credentials, lack of account lockout mechanism and account enumeration. These issues result in loss of data, loss of privacy, lack of accountability, denial of access and complete device access takeover.

■    Insufficient Authentication/Authorization

Insufficient authentication refers to the use of weak credentials, such as an insecure or weak password, which offers poor security, thus allowing a hacker to gain access to the user account and causing loss of data, loss of accountability, and denial of access for the legitimate user.

■    Insecure Network Services

Insecure network services are prone to various attacks like buffer overflow attacks, attacks that cause denial-of-service scenario, thus leaving the device inaccessible to the user. An attacker uses various automated tools such as port scanners and fuzzers to detect the open ports and exploit them to gain unauthorized access to the services.

■ Lack of Transport Encryption/Integrity Verification

Due to the lack of message encryption in the transmission of data, the data can be easily intercepted and viewed, which can result in information loss; based on the exposed data, the IoT device or user accounts can be compromised.

■ Privacy Concerns

IoT devices generate private and confidential data, but due to the lack of proper protection schemes this leads to privacy concerns, as it is easy to discover and review the data that is being produced, sent, and collected.

■    Insecure Cloud Interface

An insecure cloud interface is available when easy to guess credentials are used for a user account. A hacker exploits the insufficient authentication mechanism and lack of proper transport encryption to access data or control the user account.

■    Insecure Mobile Interface

An insecure mobile interface is present if the credentials are easy to guess and account enumeration is possible. Insecure mobile interfaces are easy to find by simply reviewing the connection to the wireless network and identifying if SSL is in use.

■    Insufficient Security Configurability

This kind of issue arises when the device user lacks the ability to change the security controls in an IoT device, which can increase the device's vulnerability, making it an easy target for hackers to exploit.

■    Insecure Software/Firmware

Due to the lack of ability of a device to update itself when vulnerabilities or security loopholes are discovered, there exists a major security concern. An attacker via unencrypted connections, can capture an update file and perform a malicious activity such as tampering with the file content via DNS hijacking.
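The defensive counterpart to the update-tampering scenario above, as an added example (not code from the original module or from OWASP): the device refuses an update unless the manifest authenticates, the version moves forward, and the downloaded image matches the digest the manifest commits to. The manifest layout, the per-device key and the sample image are constructed; HMAC-SHA256 stands in for the vendor signature a production device would verify with a public key.

```python
"""Verify a firmware update before it is applied.

Added example, not part of the original module. The manifest layout, the
per-device key and the sample image are constructed; HMAC-SHA256 is used here
as the integrity check, standing in for the vendor signature a production
device would verify with a public key.
"""
import hashlib
import hmac
import json
import struct

TAG_LEN = 32  # HMAC-SHA256 output length


class UpdateRejected(Exception):
    """Raised when the update must not be applied."""


def build_manifest(key: bytes, version: int, image: bytes) -> bytes:
    """Vendor side: bind the version and the image digest together under the key.

    Layout: 4-byte big-endian body length | JSON body | 32-byte tag.
    """
    body = json.dumps({"version": version, "sha256": hashlib.sha256(image).hexdigest()},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack(">I", len(body)) + body + tag


def verify_update(key: bytes, installed_version: int, manifest: bytes, image: bytes) -> int:
    """Device side: reject tampered manifests, tampered images and downgrades.

    Returns the new version number when the update is acceptable.
    """
    if len(manifest) < 4:
        raise UpdateRejected("manifest truncated")
    (body_len,) = struct.unpack(">I", manifest[:4])
    body, tag = manifest[4:4 + body_len], manifest[4 + body_len:]
    if len(body) != body_len or len(tag) != TAG_LEN:
        raise UpdateRejected("manifest truncated")
    # Check authenticity first, before trusting anything inside the body.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("manifest authentication failed")
    meta = json.loads(body)
    # Anti-rollback: a replayed or older manifest is refused even though it is authentic.
    if meta["version"] <= installed_version:
        raise UpdateRejected("downgrade or replay")
    # The image fetched over the network must be the one the manifest describes,
    # so an image swapped in transit (e.g. via DNS hijacking) is rejected.
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), meta["sha256"]):
        raise UpdateRejected("image does not match manifest")
    return meta["version"]


def try_update(key: bytes, installed_version: int, manifest: bytes, image: bytes) -> str:
    """Convenience wrapper returning 'applied' or the rejection reason."""
    try:
        verify_update(key, installed_version, manifest, image)
        return "applied"
    except UpdateRejected as exc:
        return str(exc)


# Constructed demo: a key provisioned at manufacture and a v2 image.
DEMO_KEY = bytes(range(32))
DEMO_IMAGE = b"\x7fELF" + b"firmware-v2-payload" * 8
DEMO_MANIFEST = build_manifest(DEMO_KEY, 2, DEMO_IMAGE)

if __name__ == "__main__":
    print(try_update(DEMO_KEY, 1, DEMO_MANIFEST, DEMO_IMAGE))                # applied
    print(try_update(DEMO_KEY, 1, DEMO_MANIFEST, DEMO_IMAGE + b"\x00"))      # swapped image
    print(try_update(DEMO_KEY, 2, DEMO_MANIFEST, DEMO_IMAGE))                # replayed manifest
```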

■    Poor Physical Security

Physical security concerns arise if an attacker physically accesses the device and accesses the data stored in it. Such issues also take place if the device is accessed via a USB port or SD card or via some other hardware device.


IoT Attack Surface Areas

■ Device Memory

This is one of the most important components in the IoT ecosystem. A device's memory is necessary in order to store important information about certain events. Discussed below are some of the vulnerabilities present in this component:

o Clear-text Credentials

Vulnerability: Unencrypted or clear-text credentials may lead to leakage of credentials and information from a device.

Consideration: In order to keep the device and its information secure, the credentials used for accessing a device, and even the communication between two endpoints, should be carried out in encrypted form so that they cannot be easily accessed to compromise the device or gain unauthorized access to the platform.
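The consideration above, together with the earlier points on clear-text protocols and missing transport encryption, turned into detection logic as an added example (not code from the original module): it inspects captured flow records for well-known clear-text ports and for HTTP Basic and FTP logins, skips flows that already carry TLS records, and reports only the username, never the secret. The Flow and Finding types and the sample capture are constructed.

```python
"""Flag clear-text protocols and exposed credentials in captured IoT traffic.

Added example, not part of the original module. The Flow records, the port
table and the sample capture below are constructed for illustration.
"""
import base64
import re
from dataclasses import dataclass

# Well-known ports whose default protocols carry credentials and data unencrypted.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt", 5683: "coap"}

# HTTP Basic authentication header: the token is only base64, not encryption.
BASIC_AUTH_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# FTP login commands at the start of a line.
FTP_CRED_RE = re.compile(rb"^(USER|PASS)\s+\S+", re.IGNORECASE | re.MULTILINE)


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Finding:
    flow: Flow
    issue: str    # "cleartext-protocol" or "cleartext-credential"
    detail: str   # never includes the secret itself


def looks_like_tls(payload: bytes) -> bool:
    """A TLS record starts with a content-type byte (0x14-0x17) and major version 0x03."""
    return len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03


def inspect_flow(flow: Flow) -> list:
    """Return the findings for one flow; encrypted flows yield nothing to read."""
    findings = []
    if looks_like_tls(flow.payload):
        return findings
    proto = CLEARTEXT_PORTS.get(flow.dport)
    if proto is not None:
        findings.append(Finding(flow, "cleartext-protocol", proto))
    m = BASIC_AUTH_RE.search(flow.payload)
    if m is not None:
        try:
            user = base64.b64decode(m.group(1), validate=True).split(b":", 1)[0]
            findings.append(Finding(flow, "cleartext-credential",
                                    "http-basic user=" + user.decode(errors="replace")))
        except ValueError:
            findings.append(Finding(flow, "cleartext-credential", "http-basic (undecodable token)"))
    for m in FTP_CRED_RE.finditer(flow.payload):
        findings.append(Finding(flow, "cleartext-credential", "ftp " + m.group(1).decode().upper()))
    return findings


def scan(flows) -> dict:
    """Count findings per issue type across a capture."""
    summary = {"cleartext-protocol": 0, "cleartext-credential": 0}
    for flow in flows:
        for f in inspect_flow(flow):
            summary[f.issue] += 1
    return summary


# Constructed sample capture: one camera reached over several protocols.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.20", 80,
         b"GET /status HTTP/1.1\r\nHost: cam\r\nAuthorization: Basic YWRtaW46YWRtaW4=\r\n\r\n"),
    Flow("10.0.0.5", "10.0.0.20", 23, b"login: admin\r\nPassword: \r\n"),
    Flow("10.0.0.20", "10.0.0.9", 21, b"USER device\r\nPASS hunter2\r\n"),
    Flow("10.0.0.20", "10.0.0.9", 1883, b"\x10\x1a\x00\x04MQTT\x04\xc2\x00\x3c"),
    Flow("10.0.0.5", "10.0.0.20", 443, b"\x16\x03\x01\x00\xf1\x01\x00\x00\xed"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        for f in inspect_flow(flow):
            print(f"{flow.src}->{flow.dst}:{flow.dport} {f.issue}: {f.detail}")
    print(scan(SAMPLE_FLOWS))
```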

o Third-party Credentials

Vulnerability: Using third-party credentials, a device can be accessed and exploited.

Consideration: Only certain functionalities should be exposed to third parties, and the credentials used by third parties should be encrypted using a strong encryption mechanism so that even if a hacker obtains them, he/she is not able to decrypt them to gain access to the device.

o Encryption Keys

Vulnerability: Encryption keys can be obtained by the hackers, using which they can get an unauthorized access to the device.

Consideration: Proper key management system must be used to protect the encryption keys from hackers. Encryption keys should not be stored with the data that they decrypt otherwise if the machine on which both are located is compromised then so are the keys.

■    Ecosystem Access Control

o Implicit Trust between Components

Vulnerability: Implicit trust can result in trusting a malicious component, which in turn can result in malfunctions of all the components.

Consideration: Before interaction, each component should authenticate itself to the other component. If trust relationships are required, there should be strong mechanisms and procedures to ensure that the trust cannot be abused.

o Enrolment Security

Vulnerability: Enrolling a device without restrictions or authentication can onboard a malicious device that puts the network's security at risk.

Consideration: Each device should authenticate itself before it is enrolled.

o Decommissioning System

Vulnerability: A single compromised device may put the whole system at risk.

Consideration: Compromised devices should be handled carefully by analyzing the problem and developing methods to counter it. Techniques should also be in place for when such a situation arises, such as wiping data and resetting the device from the cloud, debugging it, and decommissioning it.

o Lost Access Procedures

Vulnerability: Failing to define the proper purpose of each device and its access level may lead to privilege escalation.

Consideration: Define for each device how it may be configured and which functions it may perform. Access control lists (ACLs) at the device and network levels should be implemented; this reduces security gaps and improves control over the devices.

■ Device Physical Interfaces

o Firmware Extraction

Vulnerability: If the firmware can be extracted from the device, hidden vulnerabilities in the system can be discovered and exploited.

Consideration: Store and distribute the firmware in encrypted form, so that extracting it does not yield code an attacker can analyze.

o User CLI

Vulnerability: If a user can access every part of a device, or has administrator-level rights, the device's security is at high risk.

Consideration: The preferred approach is to limit users' access to the core parts of the device and to permit only specific, approved changes to its configuration.

o Admin CLI

Vulnerability: Access to the user console or the admin console, used to perform administrative tasks or to read the data received by the device, may expose the device to exploitation and compromise.

Consideration: Do not expose console access on devices for purposes such as debugging. Administrative rights should be limited, and debugging ports on live (production) devices should be disabled.

o Privilege Escalation

Vulnerability: Physical access to an improperly configured device may allow a user to reach system resources that are normally not permitted, which can be used to exploit the device's functions.

Consideration: Design the firmware so that users cannot reach the parts of the device they are not supposed to access, even when they have physical access.

o Reset to Insecure State

Vulnerability: With physical access to the device, it may be possible to reset its storage to an unwanted or insecure state (for example, one in which default credentials or debug services are re-enabled).

Consideration: Design the firmware so that a reset can only be performed by an authorized party and always returns the device to a known secure state.

o Removal of Storage Media

Vulnerability: Physical access to the device may allow removal of its storage media, exposing the firmware, the data stored on the device, and any credentials it holds.

Consideration: Additional hardware-level security, or hardware-backed encryption of the storage media, should be implemented.

■ Device Web Interface

o SQL Injection

Vulnerability: SQL injection is a code injection technique in which crafted input is inserted into an application's database query so that it is interpreted as SQL, allowing an attacker to extract or modify database content.

Consideration: A strong mitigation strategy against SQL injection is to use prepared statements with parameterized queries, so that user input is always treated as data and never as part of the query text.
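The following added example (not part of the original course text) shows the difference the consideration above describes, using Python's built-in sqlite3 module as a stand-in for a device's local user database. The table, the accounts and the injection payload are constructed for the example; a real device would store password hashes rather than clear-text passwords, which is left out only to keep the code short.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a device's local user store.
    Passwords are kept in clear text only to keep the example short; a real
    device must store password hashes (see the credential items above)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "S3cret!", "admin"),
        ("viewer", "view123", "viewer"),
    ])
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation: attacker input becomes SQL.
    The payload  admin' --  closes the string and comments out the password check."""
    query = ("SELECT role FROM users WHERE name = '" + name
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Prepared statement with bound parameters: the same input is only ever data,
    so the quote and the comment marker are looked up literally and match nothing."""
    row = conn.execute(
        "SELECT role FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    payload = "admin' --"
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))  # admin
    print("safe:      ", login_safe(conn, payload, "wrong"))        # None
```

The vulnerable query becomes `SELECT role FROM users WHERE name = 'admin' --' AND password = 'wrong'`, and everything after `--` is a comment, so the attacker is logged in as admin with no password. The parameterized version receives the identical input and simply finds no user with that literal name.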

o Cross-site Scripting

Vulnerability: Cross-Site Scripting (XSS) is an attack on web applications in which an attacker injects malicious script that is then executed in other users' browsers; it can be used to steal sessions and gain unauthorized access to the web application.

Considerations: Validate all input that may be untrusted, encode data on output before placing it into a page, and do not trust data coming from an unknown source.

o Cross-site Request Forgery

Vulnerability: Cross-Site Request Forgery (CSRF) is an attack in which a malicious web site, blog, instant message, or program causes a user's browser to send unintended requests to a trusted site on which the user is authenticated at that moment.

Considerations: Include additional authentication data (such as an unpredictable anti-CSRF token) in state-changing requests, so that the web application can detect requests that did not originate from its own pages.

o Username Enumeration

Vulnerability: Username enumeration is a technique in which an attacker finds out whether a given username exists, for example from the differing responses of a login or forgot-password form. Once a set of valid usernames is obtained, it can be used to attack those accounts further.

Considerations: Login and password-recovery responses should not reveal whether a username exists (return the same message, with similar response time, for valid and invalid names), usernames should not be predictable, and CAPTCHA or rate limiting can be used to limit automated enumeration.

o Weak Passwords

Vulnerability: Weak or easily guessed passwords can be brute forced by an attacker to access the user's personal and confidential data.

Considerations: Strong passwords that are long and mix lower-case letters, upper-case letters, and numbers should be used. Dictionary words should be avoided as passwords because they are easy to crack.

o Account Lockout

Vulnerability: An account lockout mechanism protects the system against brute-force password guessing. Without it, an attacker can brute force the password, gain access to the user's account, and read his/her private data.

Considerations: A proper lockout mechanism should be implemented that locks an account for a period of time after 3-5 unsuccessful login attempts.
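As an added example (not from the original text), the class below wraps a password check with the lockout policy just described: after MAX_ATTEMPTS consecutive failures the account is locked, and each further lockout lasts twice as long, the escalating delay the Mobile Application section below also recommends. The threshold of 5 attempts and the 60-second base lockout are assumed values, and the clock is injectable so the behaviour can be exercised without waiting.

```python
import time

MAX_ATTEMPTS = 5        # lock after this many consecutive failures (page: 3-5)
BASE_LOCKOUT = 60.0     # seconds for the first lockout; assumed value


class LoginGuard:
    """Per-account lockout whose duration doubles on each successive lockout
    (60 s, 120 s, 240 s, ...). A locked account refuses even the correct
    password, so guessing faster gains the attacker nothing."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password   # callable(user, password) -> bool
        self._clock = clock            # injectable for testing
        self._state = {}

    def _st(self, user):
        return self._state.setdefault(
            user, {"failures": 0, "locked_until": 0.0, "lockouts": 0})

    def lock_remaining(self, user):
        """Seconds until the account unlocks (0 if it is not locked)."""
        return max(0.0, self._st(user)["locked_until"] - self._clock())

    def attempt(self, user, password):
        """Returns 'ok', 'denied' or 'locked'."""
        st, now = self._st(user), self._clock()
        if now < st["locked_until"]:
            return "locked"
        if self._check(user, password):
            st["failures"] = 0
            st["lockouts"] = 0           # a real login resets the escalation
            return "ok"
        st["failures"] += 1
        if st["failures"] >= MAX_ATTEMPTS:
            st["lockouts"] += 1
            st["locked_until"] = now + BASE_LOCKOUT * 2 ** (st["lockouts"] - 1)
            st["failures"] = 0           # next window starts clean after unlock
            return "locked"
        return "denied"
```

Two caveats a practitioner should keep in mind: the lockout is per account, so an attacker who knows a username can lock the legitimate user out on purpose, and the state is kept in process memory, so on a real device it has to survive a reboot or the attacker simply power-cycles the device to reset the counter.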

o Known Default Credentials

Vulnerability: If default credentials are not changed, they are trivially guessed or looked up, and the device can fall into the wrong hands.

Considerations: Users should change the credentials of any device they buy in order to prevent unauthorized access.

■ Device Firmware

o Hardcoded Credentials

Vulnerability: Most devices ship with default credentials set by the manufacturer, and users usually do not change them, which leaves the devices open to unauthorized access. Credentials hardcoded into the firmware itself are worse, because the user cannot change them at all. After compromising such devices, attackers can turn them into bots.

Consideration: IoT device users need to change the default credentials to gain an additional layer of protection against attacks, and manufacturers should not ship credentials that cannot be changed.

o Sensitive Information/URL Disclosure

Vulnerability: Leaking sensitive or confidential data through URLs (for example, credentials or tokens embedded in query strings) exposes the device to attacks.

Consideration: Information transmitted through URLs must be protected by encrypting the transport, and sensitive values should not be placed in URLs at all. The firmware should be designed so that the information stored on the device is kept in strongly encrypted form.
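The two firmware items above (hardcoded credentials and sensitive URLs) are usually found by dumping the firmware and looking at its printable strings. The added example below (not from the original text) does that in pure Python: it extracts printable runs the way the Unix `strings` tool does and flags the ones that look like credentials, private keys, or URLs. The firmware image is a constructed byte string, not a real device dump, and the patterns are a starting point rather than a complete secret scanner.

```python
import re

# Printable ASCII runs of 4+ bytes, like the Unix `strings` tool.
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")

# Ordered: the first matching category wins for a given string.
PATTERNS = [
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("url", re.compile(r"https?://[^\s\"'<>]+")),
    ("credential", re.compile(
        r"(?i)(passw(?:or)?d|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*\S+")),
    ("user_pass", re.compile(r"^[A-Za-z][A-Za-z0-9_]{2,}:[^\s:]{4,}$")),
]


def extract_strings(blob):
    return [m.group().decode("ascii") for m in STRING_RE.finditer(blob)]


def find_secrets(blob):
    """Returns (category, string) for every extracted string that looks like a
    credential, key, or URL; version banners and help text are dropped."""
    hits = []
    for s in extract_strings(blob):
        for category, rx in PATTERNS:
            if rx.search(s):
                hits.append((category, s))
                break
    return hits


# Constructed stand-in for a dumped firmware image: binary filler around the
# kinds of strings this section warns about. Not a real device image.
FIRMWARE = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(range(0, 32)) * 4
    + b"Firmware v1.2.3 (build 2017-11-02)\x00"
    + b"\xff\xfe\x00\x10root:toor\x00"
    + b"\x00\x00MQTT_PASSWORD=tr0ub4dor\x00"
    + b"\x90\x90api_key: abc123def456\x00"
    + b"http://api.example.com/v1/devices?access_token=eyJhbGciOiJIUzI1NiJ9\x00"
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n"
    + b"-----END RSA PRIVATE KEY-----\n"
    + b"Usage: device-cli [options]\x00" + bytes(range(0, 32)) * 4
)

if __name__ == "__main__":
    for category, s in find_secrets(FIRMWARE):
        print(f"{category:12s} {s}")
```

A real dump is first unpacked (compressed kernel, squashfs root, etc.) and then scanned, and anything flagged is confirmed by hand; an embedded private key or a `user:password` string found this way is exactly the fixed secret the consideration above says should never ship in firmware.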

o Encryption Keys

Vulnerability: Access to the encryption keys allows an attacker to decrypt and obtain confidential data.

Consideration: The keys used to decrypt data should not be recoverable directly from the device's memory or firmware; one approach is to keep them in the cloud and deliver them to the device over a protected channel only when they are required.

o Firmware Version Display and/or Last Update Date

Vulnerability: Sensitive information about the device (such as credentials, control keys, and update information) should not be visible to everyone; it should be encrypted and should not be shared among devices. An exposed firmware version or last-update date also tells an attacker exactly which known vulnerabilities the device still has.

Consideration: The preferred approach is to use a separate control key for each device; the same credentials or control keys should not be shared across the network. Different keys for different devices provide an additional level of protection, because compromising one device does not compromise the others.

■ Device Network Services

o Information Disclosure

Vulnerability: Leaks of sensitive or confidential data through network services expose the devices to attacks.

Consideration: The firmware should be designed so that information stored on the device is kept in strongly encrypted form and network services disclose only what they must.

o Denial-of-Service

Vulnerability: A denial-of-service attack against a device or its services may also impact the services offered by the cloud.

Consideration: Intrusion detection mechanisms should be deployed so that different denial-of-service attacks can be recognized and handled.

o UPnP

Vulnerability: Unwanted services such as Universal Plug and Play (UPnP) are enabled by default on many devices, putting their security at risk: UPnP can open ports on the gateway without any authentication, allowing malware to reach and damage the device and the local network.

Consideration: Manufacturers should design devices so that such vulnerable services are disabled by default.

o Vulnerable UDP Services

Vulnerability: Vulnerable UDP services put the security of the system at high risk. Unwanted or malicious files can be transferred through such services, which can even destroy the system and important data.

Consideration: The firmware should be designed so that risky services are disabled by default.

o User and Admin CLI

o Injection

o Unencrypted Services

o Poorly Implemented Encryption

■ Administrative Interface

o SQL Injection

o Cross-site Scripting and Cross-site Request Forgery

o Username Enumeration and Known Default Credentials

o Weak Passwords and Account Lockout

o Security/Encryption and Logging Options

o Two-factor Authentication

o Inability to Wipe Device

■ Local Data Storage

o Unencrypted Data

Vulnerability: Data stored on the device in clear text (unencrypted) can be read by anyone who gains access to the storage, just as clear-text communications are prone to interception.

Consideration: Strong encryption mechanisms should be adopted for stored data so that it cannot fall into the wrong hands and be misused.

o Data Encrypted with Discovered Keys

Vulnerability: If the key used to encrypt stored data can be discovered (for example, extracted from the firmware or from memory), the encryption offers no protection: an attacker holding the key can read the data, and in the worst case re-encrypt it under his own key and demand a ransom to give it back.

Consideration: Keep keys out of the firmware and out of readable storage, manage and rotate them through a proper key management system, and keep the device updated so that known key-extraction flaws are closed.

o Lack of Data Integrity Checks

Vulnerability: Without integrity checks, stored or transmitted data can be modified or corrupted without detection, resulting in loss of important information or in the device acting on tampered data.

Consideration: Use mechanisms that provide integrity as well as confidentiality, such as Transport Layer Security (TLS) for data in transit and authenticated encryption or message authentication codes for stored data.

■ Cloud Web Interface

o Transport Encryption

Vulnerability: Transport encryption is an essential step towards a device's security; its absence can result in loss of important information, loss of privacy, and compromise of the device itself.

Consideration: Proper transport encryption should be implemented to keep data encrypted and protected while in transit.

o SQL Injection

o Cross-site Scripting and Cross-site Request Forgery

o Username Enumeration and Known Default Credentials

o Weak Passwords and Account Lockout

o Insecure Password Recovery Mechanism

o Two-factor Authentication

■ Update Mechanism

o Update Sent without Encryption

Vulnerability: The absence of a secure mechanism for transferring updates opens the door to attacks such as interception or modification of the update in transit.

Consideration: Tested and strong encryption mechanisms should be incorporated for secure transmission of updates to the devices.

o Updates Not Signed

Vulnerability: Updates that are not signed by a trusted source may contain malicious files that can harm the device or the system, and the device has no way to tell the difference.

Consideration: Verify that each update is signed and that the signature belongs to a trusted source before installing it. If verification fails, do not install the update.

o Update Verification

Vulnerability: The update verification mechanism checks updates before they are installed on the device. If it is disabled, the system cannot distinguish malicious updates from genuine ones, and a malicious update can harm the device.

Consideration: Keep update verification enabled, so that an update that fails verification or comes from an unknown source is discarded.

o Malicious Update

Vulnerability: A malicious update gives attackers unauthorized access, which they can use to perform malicious activities on the device.

Consideration: Verify that the update comes from a trusted source; if it does not, discard it.

o Missing Update Mechanism

Vulnerability: Updates usually remove vulnerabilities and so prevent attacks. A device with no update mechanism remains exposed to every vulnerability discovered after it ships, whether exploited online or offline.

Consideration: Make sure any device you buy has an update mechanism; if one is present, make sure it is enabled.

o No Manual Update Mechanism

Vulnerability: Some updates are not installed automatically and must be applied manually. Without a manual update mechanism, such updates cannot be applied, leaving the device vulnerable. Updates usually include security patches that fix known vulnerabilities in the device's software.

Consideration: Make sure the device you buy has a manual update mechanism that lets you apply updates that are not installed automatically.
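The update items above (encrypted transfer, signing, verification, rejecting malicious or stale updates) come together in one check the device runs before it writes anything to flash. The added example below (not from the original text) shows that check in Python. Because the standard library has no asymmetric signature primitive, an HMAC-SHA256 tag under a device-provisioned key stands in for the vendor's real signature; that substitution, the manifest layout, and the version-number rule are all assumptions of this example. The order of the checks is the point: nothing in the manifest is trusted until the tag verifies, then the firmware is checked against the manifest, and finally the version is compared with what is already installed so an attacker cannot replay an old, vulnerable but correctly signed image.

```python
import hashlib
import hmac
import json


def _canonical(manifest):
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_update(firmware, version, key):
    """Vendor side: the manifest carries the version and the firmware hash, and
    the tag covers the manifest, so the firmware bytes are bound indirectly."""
    manifest = {"version": version,
                "size": len(firmware),
                "sha256": hashlib.sha256(firmware).hexdigest()}
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "firmware": firmware}


def verify_update(package, key, installed_version):
    """Device side. Returns (accepted, reason)."""
    manifest = package.get("manifest")
    tag = package.get("tag")
    firmware = package.get("firmware")
    if (not isinstance(manifest, dict) or not isinstance(tag, str)
            or not isinstance(firmware, bytes)):
        return False, "malformed package"
    # 1. Signature first: until this passes, the manifest is attacker-controlled.
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    # 2. Firmware must be the exact bytes the signed manifest describes.
    if (manifest.get("size") != len(firmware)
            or manifest.get("sha256") != hashlib.sha256(firmware).hexdigest()):
        return False, "firmware does not match manifest"
    # 3. Anti-rollback: a genuine but older image is a replay, not an update.
    version = manifest.get("version")
    if not isinstance(version, int) or version <= installed_version:
        return False, "downgrade or replay of an old version"
    return True, "ok"


if __name__ == "__main__":
    key = b"device-provisioned-key"            # assumed shared secret
    pkg = build_update(b"\x00firmware-v2", 2, key)
    print(verify_update(pkg, key, installed_version=1))          # (True, 'ok')
    pkg["firmware"] = b"\x00evil"
    print(verify_update(pkg, key, installed_version=1))          # firmware mismatch
```

With a real vendor signature the device would hold only the vendor's public key, so extracting it from one device gives an attacker nothing; with the HMAC stand-in used here the key must be protected as carefully as the keys discussed under Encryption Keys above, which is exactly why production devices use asymmetric signatures.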

■ Third-party Backend APIs

o Unencrypted PII Sent

Vulnerability: Personally Identifiable Information (PII) is information that can identify a specific individual and distinguish one person from another. If it is sent unencrypted and attackers obtain it, they can carry out malicious activities such as identity theft or illegitimate access to the device.

Consideration: PII should be stored and sent in encrypted form, so that attackers cannot read it in clear text or decrypt it.

o Device Information Leaked

Vulnerability: Lack of security policies for information storage can lead to information leaks; the consequence could be loss of sensitive and confidential data, which in turn could help attackers gain unauthorized access to the device.

Consideration: The firmware should incorporate security policies that keep personal as well as device information protected.

o Location Leaked

Vulnerability: Leaking the location of a device could allow an attacker to physically reach the device, access the information it holds, or compromise it.

Consideration: The firmware should keep sensitive information such as location, identity, and device banner in encrypted form, so that it cannot be obtained by an attacker through debugging interfaces or physical access.

■ Mobile Application

o Implicitly Trusted by Device or Cloud

Vulnerability: Trusting every device connected to the network or the cloud without question leads to high risk. For example, a device connected to the network might be a fake or an infected one, and connecting to it could infect the whole network.

Consideration: Implementing trust policies is the right step to counter this problem. A device or cloud service should be properly verified (identity, location, integrity, etc.) before it is considered trusted.

o Username Enumeration

Vulnerability: Some web applications reveal whether an entered username exists on the system. Exploiting this, an attacker can discover valid usernames and then brute force their passwords to gain access to the device.

Consideration: Best practice is to design the system so that usernames cannot be easily discovered, and after a number of failed attempts the application should stop serving the user for a period of time, with that period increasing as the number of failed attempts grows.

o Account Lockout

Vulnerability: Without a lockout mechanism that ends a session after a period of inactivity, an unattended session can give attackers unauthorized access to the device.

Consideration: A lockout mechanism should be incorporated in the device that locks the user out after a defined period of inactivity, so that no illegitimate user can access the account and obtain important information.

o Known Default Credentials or Weak Passwords

Vulnerability: Lack of a proper authentication mechanism, or known default usernames and passwords, increases the chance of credential leaks that put the device at risk.

Consideration: Authentication should be enforced from the cloud side. Rather than sending the credentials to the cloud on every request, a short-lived token (valid for a few minutes) should be used; keeping the token's lifetime short automatically raises the security level.

o Insecure Data Storage

Vulnerability: Insecure data storage can lead to leaks or exposure of sensitive or confidential data.

Consideration: The firmware should be designed so that every data storage layer of the IoT solution is properly protected, whether it is a NoSQL store, an RDBMS, or a big data platform such as Hadoop.

o Transport Encryption

o Insecure Password Recovery Mechanism

o Two-factor Authentication

■ Vendor Backend APIs

o Inherent Trust of Cloud or Mobile Application

Vulnerability: Trusting every mobile application or cloud service without question leads to high risk. For example, a device used by a malicious mobile application, which may be fake or infected, could result in the whole network being infected.

Consideration: Implementing trust policies is the right step to counter this problem. A mobile application or cloud service should be properly verified (identity, code integrity, absence of infection, etc.) before it is considered trusted.

o Weak Authentication

Vulnerability: Since security depends entirely on the strength of the authentication mechanism and the credentials used, a weak authentication mechanism leads to loss of privacy, unauthorized access, changes to the device's settings, and infection of different components of the device.

Consideration: Two-factor or multi-factor authentication should be used to increase the device's security level.

o Weak Access Controls

Vulnerability: Failing to define the proper purpose of each device and its access level may lead to privilege escalation.

Consideration: Define for each device how it may be configured and which functions it may perform. Access control lists (ACLs) at the device and network levels should be implemented; this reduces security gaps and improves control over the devices.

■ Ecosystem Communication

o Health Checks

Vulnerability: Any vulnerability in a healthcare device can be exploited by an attacker and put the patient's life at risk. Vulnerable medical devices are also connected to many monitors and sensors, making them potential entry points into the larger hospital network.

Consideration: Manufacturers should prioritize security features over additional functionality in healthcare devices, making it as hard as possible for attackers to bypass the device's security.

o Heartbeats

Vulnerability: Security flaws in a pacemaker, or features that make it accessible from a remote location, can be exploited by an attacker, with potentially fatal consequences for the patient.

Consideration: Manufacturers should put more emphasis on medical device security and protect these devices from potential attacks.

o Ecosystem Commands

Vulnerability: Accepting commands without verifying their origin exposes the system to exploits and attacks.

Consideration: Commands that alter the system or update the device's configuration should be subject to additional verification to confirm that they come from a genuine source.

o De-provisioning

Vulnerability: Devices that are no longer in use but remain connected to the Internet are an open invitation for attacks on the device and the network.

Consideration: Unused devices should be disconnected from the Internet. Revoking the access of such devices is also an effective solution.

o Pushing Updates

Vulnerability: Malicious updates pushed by attackers, through an attachment in an email or through compromised third parties, can badly impact system security by installing unwanted or malicious files, leading to data loss, inability to access the device, or ransom demands to regain access.

Consideration: Device users should be cautious when opening links or attachments that seem suspicious or come from an unknown source.

■ Network Traffic

o LAN

Vulnerability: The absence of robust, properly configured security, insecure locations, and a lack of network monitoring can result in problems such as connection interception, signal jamming, and man-in-the-middle attacks.

Consideration: Before deploying a LAN, make sure the location is secure, and at the software level deploy a firewall to keep attackers away from the network.

o LAN to Internet

Vulnerability: Lacking a proper security infrastructure (firewall, anti-virus, DMZ), proper network monitoring, and a secure deployment location can result in various attacks from internal or external networks.

Consideration: The first thing to consider when connecting a LAN to the Internet is the location. Ensure that it is secure and that proper security policies and practices are followed, making it difficult for an attacker to breach the network.

o Short Range

Vulnerability: Short-range devices such as Bluetooth devices are vulnerable to various attacks from an intruder within radio range, who may be able to eavesdrop on the link and read the personal or sensitive information on the device.

Consideration: To make short-range communication secure, a sound security design should be implemented that hardens the device.

o Non-standard

Vulnerability: Non-standard network traffic might carry malicious files that could harm the network and the devices.

Consideration: Network traffic should conform to standard protocols and should be inspected before it leaves or enters the network.


IoT Threats

IoT devices on the Internet have very few protection mechanisms against emerging threats, and they are infected by malware or malicious code at an alarming rate. Attackers exploit these poorly protected devices to cause physical damage, to wiretap communications, and to launch disruptive attacks such as DDoS.

Listed below are some IoT attacks:

■    DDoS Attack: The attacker turns the devices into a botnet army and directs it at a specific system or server, making it unable to provide its services.

■    Exploiting HVAC: Attackers exploit vulnerabilities in HVAC systems to steal confidential information such as user credentials and to perform further attacks on the target network.

■    Rolling Code: The attacker jams and sniffs the signal to capture a code transmitted to the vehicle's receiver before the receiver sees it, then uses that code later to unlock and steal the vehicle.

■    BlueBorne Attack: Attackers connect to nearby devices and exploit vulnerabilities in the Bluetooth protocol to compromise them.

■    Jamming Attack: The attacker floods the channel between sender and receiver with interference or malicious traffic so that the two endpoints cannot communicate with each other.

■    Remote Access using Backdoor: Attackers exploit vulnerabilities in an IoT device to turn it into a backdoor and gain access to the organization's network.

■    Remote Access using Telnet: Attackers exploit an open Telnet port to obtain information shared between the connected devices, including their software and hardware models.

■    Sybil Attack: The attacker uses multiple forged identities to create a strong illusion of traffic congestion, disrupting communication between neighboring nodes and networks.

■    Exploit Kits: Malicious scripts used by attackers to exploit poorly patched vulnerabilities in an IoT device.

■    Man-in-the-Middle Attack: The attacker positions himself between sender and receiver, intercepting and possibly altering all communication while each party believes it is talking directly to the other.

■    Replay Attack: Attackers capture legitimate messages from a valid communication and re-send them to the target device, either to repeat the effect of the message or, by sending them continuously, to overwhelm or crash the device.

■    Forged Malicious Device: Attackers with physical access to the network replace authentic IoT devices with malicious ones.

■    Side Channel Attack: Attackers extract information about encryption keys by observing the signals a device emits while it works (power consumption, timing, electromagnetic emissions), the so-called "side channels".

■    Ransomware Attack: Ransomware is a type of malware that uses encryption to block a user's access to his/her device, either by locking the screen or by locking the user's files.
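The Rolling Code and Replay Attack items above are easiest to understand with a small model of both sides. The added example below (not from the original text) models a key fob and a receiver that agree on a counter: the receiver accepts only codes for counters strictly after the last one it accepted, within a look-ahead window, which is what defeats a plain replay. The `simulate_rolljam` function then walks through the jam-and-sniff sequence to show why a code the receiver never saw still works later. HMAC-SHA256 truncated to 32 bits stands in for a real fob's cipher, and the window size of 16 is assumed; no specific product's scheme is being reproduced.

```python
import hashlib
import hmac

WINDOW = 16   # how far ahead of the last accepted counter the receiver looks (assumed)


def rolling_code(key, counter):
    """Code transmitted for one button press. HMAC-SHA256 truncated to 32 bits
    stands in for a real fob's block cipher (an assumption of this example)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:8]


class Fob:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def press(self):
        self.counter += 1
        return rolling_code(self.key, self.counter)


class Receiver:
    """Accepts only codes for counters strictly after the last accepted one and
    within WINDOW, so a code that has already been used is rejected."""

    def __init__(self, key):
        self.key, self.last = key, 0

    def accept(self, code):
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(rolling_code(self.key, c), code):
                self.last = c          # counter only ever moves forward
                return True
        return False


def simulate_rolljam():
    """The jam-and-sniff sequence from the Rolling Code item above."""
    key = b"fob-secret"
    fob, car = Fob(key), Receiver(key)
    code1 = fob.press()   # owner presses; attacker jams the band and records code1
    code2 = fob.press()   # owner presses again; attacker jams, records code2, and
                          # relays code1 so the car unlocks and the owner walks away
    return {
        "relayed_code1": car.accept(code1),   # True: the car has never seen it
        "later_code2": car.accept(code2),     # True: still unused and inside the window
        "replayed_code1": car.accept(code1),  # False: its counter is already behind
    }
```

The counter defeats the straightforward replay (the last assertion), which is why a plain replay attack fails against rolling codes. It does not defeat the jam-and-sniff variant, because the second code was never received and so is still "in the future" from the receiver's point of view; closing that gap needs something the receiver can verify freshness against, such as a challenge-response exchange or a short validity time, rather than a longer code.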


Hacking IoT Devices: General Scenario

The Internet of Things (IoT) brings together different technologies such as embedded sensors, microprocessors, and power management devices. Security considerations change from device to device and from application to application. The more confidential data is sent across the network, the greater the risk of data theft, manipulation, and tampering, as well as of attacks on the routers and servers that carry it.

Improper security infrastructure might lead to the following unwanted scenarios:

■    An Eavesdropper intercepts the communication between two endpoints and sniffs the confidential information sent across it, which he/she can then misuse for his/her own benefit.

■    A Fake Server can send unwanted commands to trigger events that were never planned. For example, a physical resource (water, coal, oil, electricity) can be redirected to an unknown and unplanned destination.

■    A Fake Device can inject malicious script into the system to make it behave the way the attacker wants, which may cause the system to act inappropriately and dangerously.

Authored by:

Niraj