In recent years, M2M / IoT systems have faced a growing collection of security threats. Large numbers of IoT devices have been used by attackers to mount DDoS attacks against targets. Other more sophisticated attacks have sought to use sensor devices to spy on users and to take control of remote devices and change their behaviour.
A good security approach starts with enumerating the available attack surfaces, i.e. the places in a system where an attacker is able to take action.
Attack Surfaces
At a high level, there are three primary surfaces for attacks against IoT systems.
Keeping these surfaces small and hardening them where possible is a good approach to ensuring the security of an IoT system.
Devices
Devices in IoT systems can be vulnerable to a wide range of attacks. Many IoT devices have been designed around open-source operating systems that ship with insecure defaults, or defaults not intended for use on exposed IoT devices. In 2016, the Mirai malware spread to large numbers of Linux-based IoT devices using default usernames and passwords for Telnet services.
Using custom-built, for-purpose firmware and following proper security practices and testing during the development of IoT device firmware can help to mitigate device-facing attacks.
From a firmware architecture standpoint, keeping the firmware as simple as possible and eliminating unnecessary packages, features and code is generally a good strategy when developing secure IoT devices.
Transport
IoT devices are often tasked with collecting sensitive data or performing important remote control tasks. The transport of both data from devices and commands/configurations to devices is therefore a prime target for attackers.
IoT systems have been subject to man-in-the-middle attacks where data is intercepted or occasionally altered while in transit to the destination.
Through the use of PKIs (Public Key Infrastructures), devices and servers can authenticate one another and encrypt the communication between them. Issuing unique certificates for devices can allow system operators to revoke certificates of devices that have been lost or stolen.
Additionally, ensuring that communication with command & control servers takes place over secure channels such as VPNs can add a further layer of security to the data transport component of IoT systems.
These strategies may not be suitable for all situations, however. For low-processing-power devices where public key cryptography & VPNs are not feasible, other encryption strategies are possible, such as static symmetric keys securely flashed to each device individually at the time of manufacture.
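As an added example (not code from the original article), the Python code below shows the server side of the per-device static key approach: each device gets its own key at manufacture, every frame carries a counter and an HMAC-SHA256 tag, and one lost device can be revoked without affecting the others. It covers message authentication and replay rejection only, not encryption, because Python's standard library has no authenticated cipher. The names KeyStore and device_frame, the device IDs and the frame layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes
HDR_LEN = 8   # assumed frame layout: 8-byte big-endian counter | payload | tag


class KeyStore:
    """Hypothetical server-side registry holding one static key per device."""

    def __init__(self):
        self._keys = {}       # device_id -> 32-byte symmetric key
        self._last_seen = {}  # device_id -> highest counter accepted so far

    def provision(self, device_id: str) -> bytes:
        """Create the key that is flashed to this one device at manufacture."""
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        self._last_seen[device_id] = 0
        return key

    def revoke(self, device_id: str) -> None:
        """Drop a lost or stolen device; other devices' keys are untouched."""
        self._keys.pop(device_id, None)

    def verify(self, device_id: str, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        key = self._keys.get(device_id)
        if key is None or len(frame) < HDR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        (counter,) = struct.unpack(">Q", body[:HDR_LEN])
        if counter <= self._last_seen[device_id]:
            return None  # replayed or stale frame
        self._last_seen[device_id] = counter
        return body[HDR_LEN:]


def device_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Device side: prepend a monotonically increasing counter, append the tag."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


if __name__ == "__main__":
    store = KeyStore()
    key = store.provision("sensor-001")  # constructed device ID
    print(store.verify("sensor-001", device_frame(key, 1, b"temp=21.5")))
```
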
For more info on communication protocols used for transport between device and server see our blog on Choosing an M2M / IoT Protocol.
Server
IoT devices typically upload collected data and download commands and configuration from a central web service. Having the ability to receive data from many distributed devices and also to push commands out to them makes IoT command & control systems another prime target for malicious actors.
A well-developed IT security policy along with strict adherence to good security practices is crucial in IoT systems. This can be extended to every level of the system implementation, from developer, system operator & user awareness of security concerns (including password management & key material security) to intrusion detection systems and other active security measures.
How Can We Help?
The security of IoT systems is critical in any implementation. 360 Telemetry can both develop secure IoT hardware, firmware & software, and can also help to audit & secure existing systems.
If you think we could help your organisation, please do get in touch.