IoT Security

[Audio] Good morning everyone. It is an honor to introduce Dr. R. Thirukkumaran, head of Research and Development at SkillsDA in Chennai. Dr. Thirukkumaran has extensive experience in the Internet of Things, and will be discussing the challenges, common attacks, threat impacts, security issues, and best practices related to the IoT. We are excited to learn from his vast knowledge..

Outline. Introduction in IoT Challenges in IoT Common IoT Attacks Security Threats and Impacts Security Issues Simple Countermeasures Guidelines Best Practices.

[Audio] IoT, standing for Internet of Things, refers to a system of physical objects with the ability to communicate and exchange data with one another. Through the connection of devices like wearables, cars, sensors, and appliances, the environment is made smarter and more automated, improving efficiency and allowing for more innovative applications. Additionally, IoT creates better safety and security, enhanced resource management, and heightened customer satisfaction..

[Audio] The Internet of Things (IoT) is rapidly advancing the way we interact with the world around us. It is a network of connected devices, featuring embedded computers, sensors and actuators, that allow us to control and monitor our environment in real-time. This enables us to automate everyday tasks with the power of a dynamic, self-configuring global network infrastructure based on standard and interoperable communication protocols. By connecting and integrating these devices, "things" can have identities, physical attributes and virtual personalities, allowing them to interact with each other seamlessly and create smarter solutions..

Components of IoT.

How it works?. Devices o Any Connectivity 1 Rest MOTT CoAP Custom Cloud Rules Engine Storage Data Push Data pull Application n.

IoT Statistics. There Will be 41 Billion IoT Devices by 2027 By 2023, 70% of Automobiles Will Be Connected to the Internet Every Second, Another 127 Devices Are Connected to The Internet There Will Be 1.9 Billion 5G Cellular Subscriptions by 2024 Companies Will Invest Up to $1.1 Trillion in IoT by 2023 The Total Economic Impact of IoT Could Range Between $4 and $11 Trillion per Year by 2025 The Home IoT Market is Expected to Grow to $53.45 Billion by 2022 By 2024, the Global IoT Healthcare Market is Expected to Reach $140 Billion Over 80 Percent of Industrial Manufacturing Companies Are Using or Planning to Use IoT Devices Ref: https://www.vxchnge.com/blog/iot-statistics.

Applications of IoT. /NTEPNET OF T///Ncg Everyday thing toe smarter connected.

[Audio] IoT or the Internet of Things is a game-changing technology that can change our lives and work in radical ways. Despite its potential however, it has its own set of security risks. We can ignore the threats associated with some less important items like fitness trackers, but when it comes to medical or industrial equipment, any breach could have disastrous results. To protect the safety of those using IoT, it is essential to be aware of these threats and how to effectively counter them..

[Audio] As the research and development head of IoT Security at SkillsDA, Chennai, I would like to call attention to the importance of certain key points concerning data protection with IoT devices. These points include heterogeneity, scalability, identity, confidentiality, integrity, availability, privacy, authentication, and network resources. If we work together, we can create the safest environment possible and continue to earn the trust of our customers..

[Audio] IoT has drastically changed the way we interact with our day-to-day lives. With it, we have gained access to connected devices and systems that can take action based on our needs. As more and more IoT devices are being used, security is becoming a major concern. To maintain the security of our connected lives, we must be knowledgeable about security risks that come along with these devices, their applications, and networks. These security risks range from home appliances to financial systems, military defense, transportation, social media, e-governance, healthcare, telecommunications, and consumer electronics, and must be taken into account for the successful implementation of IoT..

[Audio] The proliferation of Internet of Things devices has caused a number of potential security risks and vulnerabilities. With the reliance on connected devices to store and transfer data, these devices have become vulnerable to attack. To prevent malicious attacks and exploitation, steps should be taken to protect the devices. This slide gives an overview of typical IoT attacks and exploits..

[Audio] Security threats to IoT are varied and potentially serious. Malware, exploit kits, targeted attacks, distributed denial of service attacks, counterfeit attacks, attacks on privacy, data modification, man-in-the-middle attacks, protocol hijacking, session hijacking, data interception, network reconnaissance, data gathering, replay of messages, data leakage, software vulnerabilities, device modifications – all these can affect our IoT devices and infrastructure, the data being exchanged, communication decisions, and applications used. We must take appropriate measures to prevent these security threats from infiltrating our systems..

[Audio] As the number of digital devices used in our daily lives grows, so too does the importance of Internet of Things (IoT) Security. To ensure the security of our digital lives, we need to be aware of the potential threats that exist and take the necessary steps to protect against them. The following are some of the key threats to IoT Security: weak, guessable, or hardcoded passwords; insecure network services; insecure ecosystem interfaces; lack of secure update mechanisms; use of insecure or outdated components; insufficient privacy protection; insecure data transfer and storage; lack of device management; insecure default settings; and lack of physical hardening. By taking measures to prevent these threats, we can protect our devices and ensure our digital security..

[Audio] Security of the internet of things is a major issue and should not be taken lightly. IP spoofing and Wifi eavesdropping are some of the methods attackers might use to acquire personal or confidential information. It is important to be aware of potential risks and take steps to protect our interconnected gadgets..

[Audio] IoT devices contain a variety of components that make them vulnerable to exploitation by malicious actors if their security flaws are not addressed in a timely manner. Consequently, staying up to date on the latest security patches is essential in order to safeguard your devices..

[Audio] It is essential to have securely designed IoT systems to protect against malware. To best protect against malware, regularly use the latest patches and security updates, run rigorous security tests, and deploy strong authentication and authorization protocols. It is also important to carefully consider which devices are connected to the network and their respective vulnerabilities to guarantee a secure network..

[Audio] Interconnected Internet of Things devices have brought a new set of security issues, such as DoS and DDoS attacks. This attack involves sending a vast amount of requests to a network resource, thus disabling the system from being used by the users. With the increasing amount of IoT devices, the chances of successful DDoS attacks becoming a reality increases, which could result in the loss of sensitive data and harm a company's reputation. Therefore, it is essential that adequate security measures are put in place to protect IoT systems from possible malicious attacks..

[Audio] We will be discussing the risks of Man-in-the-middle attacks and their ability to cause disruption and damage. These attacks can take place when using unsecure protocols and networks, allowing those with malicious intent to access confidential information and communication. It is essential that all machines are updated with the most recent security updates and networks remain secure to prevent malicious attack..

[Audio] Physical security of connected devices is of utmost importance as vulnerable access points and poorly secured areas can leave devices open to tampering, such as circuit modification or even substitution with unsecure devices. To reduce such risks, it is essential to implement safety protocols and rigorous physical security measures..

Common IoT Attacks. o Eavesdropping and information theft The transmission and storage of data in IoT systems can be taken advantage of by attackers to gain access to critical information and even to carry out real-time monitoring..

[Audio] Brute Force attacks are an automated process used to gain unauthorized access to a system or network. These attacks involve attempting numerous usernames and passwords in order to gain access to confidential data, leading to potential harm and financial loss. Six of the most common types of Brute Force attacks are Dictionary, Hybrid, Reverse Brute Force, Rainbow Table, Mask and Fragmented attacks. In order to protect yourself from these attacks, it's important to understand how each type works and the strategies you can use to prevent them..

[Audio] Social engineering attacks pose a major risk to the security of the Internet of Things. These attacks involve deception, such as getting people to give away access, confidential information or other valuable items. Popular examples of social engineering attacks are phishing, spear phishing, baiting and tailgating. Phishing scams involve criminals posing as a legitimate entity, keen to get victims to provide confidential data. Spear phishing is a variation of phishing specifically targeting an individual in an organization. In baiting, malicious storage devices or links containing malware are planted somewhere that the target will find and use. Tailgating is an attack in which an intruder gains access to an area by impersonating a trusted user..

[Audio] As the global reliance on connected devices increases, the security of those devices is an essential factor. Malware that encrypts a victim's files and requires a payment to gain access to those files is a noteworthy menace. It is paramount to take measures to safeguard yourself, your devices and your data..

[Audio] Ransomware is a malicious software used by cybercriminals to encrypt data, rendering it inaccessible. To regain access, a ransom must be paid. The attacker might then provide a decryption key which unlocks the data. There is no assurance that the attacker will release the data even after the ransom is paid, so organizations must take steps to protect against ransomware attacks..

[Audio] Security of Internet of Things (IoT) is a vital component of any network. This slide will cover the traditional botnets and their use in malicious networks. Botnet is an assemblage of multiple computers and servers that have been invaded and contaminated with harmful software, this allowing a hacker to get a hold of the device. Botnets can be used to conduct varied assaults such as Distributed Denial-of-Service (DDoS) attacks. Through apprehending these principles and their effects, one can build methods to secure and maintain our IoT networks..

[Audio] IoT, also known as the Internet of Things, is ubiquitous in our lives, connecting us to a multitude of devices. However, it has also created new security vulnerabilities, one of which is the threat of IoT botnets. IoT botnets are comprised of compromised internet-connected devices, including routers, wearables, and embedded technologies. The devices are infected with malicious software, allowing the attacker to take control of the entire network and use it as a platform for digital attacks. To protect against such threats, proper security measures should be taken..

[Audio] Cryptocurrency mining has posed a considerable risk to the security of IoT devices. Botnets have been created in an effort to employ IoT resources to mine digital currencies, which could cause serious disruption to the market if successfully executed. It is important to remain vigilant and take adequate protective measures to safeguard our devices from these possible threats..

[Audio] The importance of secure IoT technology cannot be overstated. To highlight the significance of this, let us consider an example of a company that experienced a severe security breach. After updating its firmware, the company neglected to consider the security implications of the new changes, which resulted in a damaging attack. This consequently caused major data loss and disruption to their operations. It is clear that the need for secure IoT solutions is essential, and companies must invest in the right technology and ensure their security measures are adequate..

[Audio] The threat of tampering to IoT devices is a real concern. Bypassing authentication mechanisms or using backdoors can give attackers access to confidential information or systems, potentially leading to significant data loss or financial damage. To mitigate this risk, it is essential to properly secure and update devices with the latest security patches..

[Audio] A Man-in-the-Middle attack is a particularly devious form of cyber-attack. It involves an attacker inserting themselves between two parties and secretly relaying and potentially altering messages between them. This kind of attack can be used to obtain sensitive data or to disrupt communication between two parties, and can be relatively easy to execute. When deploying IoT systems, it is essential to be aware of this attack vector and take the appropriate measures to protect against it..

Case Study 3. Unauthorized Access Using Default Password.

[Audio] Medical devices connected to the internet, like pacemakers, bring a lot of benefits to their users yet also raise safety concerns. A recent study uncovered up to 8000 cyber vulnerabilities in the software of pacemaker devices, meaning they can be exploited by malicious individuals. Consequently, it is of utmost importance to find those vulnerabilities and to secure these devices with appropriate tech solutions..

[Audio] The use of Internet of Things (IoT) technology in syringe injection devices has become ubiquitous. Unfortunately, this also increases the risk of cyber-attacks and other malicious activities, as well as unauthorized access of medical records and data. To guarantee the safety and security of these devices, robust security measures and timely updates are essential. This ensures that all users remain informed on the latest security protocols. With the correct security measures in place, organizations are able to secure themselves from potential cyber threats and safeguard the privacy and confidentiality of their patients..

[Audio] As the use of Internet of Things (IoT) systems becomes more prevalent, the security landscape has become increasingly complex. To guard against possible threats, Vulnerability Assessment & Penetration Testing (VAPT) is a must. Through this process any potential risks and vulnerabilities are identified and corrective steps are suggested to reinforce security. VAPT can identify unpatched vulnerabilities, misconfigurations and possible loopholes that can be taken advantage of by malicious actors. With the help of VAPT it is possible to detect security weaknesses and prevent malicious attacks before they take place..

[Audio] VAPT (Vulnerability Assessment and Penetration Testing) is a comprehensive security testing method which combines two distinct methods to detect and address any potential vulnerabilities in a computer system, network, application, or any other digital asset. It is a necessary testing approach for organizations that require security for their systems and data..

[Audio] Vulnerability assessment plays a critical role in safeguarding an organization's security. Knowing what weaknesses exist in an organization's infrastructure can help decide which ones should be given the highest priority for protection. Through regular assessment of security risks and weaknesses, organizations can prevent serious losses that can be incurred from cyberattacks..

[Audio] Penetration testing is a proactive approach to ensuring the security of your systems, networks, applications, and digital assets. It involves identifying potential weaknesses that malicious actors could exploit by simulating real-world cyberattacks. The goal is to evaluate the effectiveness of your organization's security measures and identify any vulnerabilities that may be missed by other methods. With a combination of manual techniques and automated tools, penetration testing can uncover potential attack vectors and assess the volatility of successful exploitation. By understanding the potential risks, you can take the necessary steps to protect your organization's data and strengthen your cybersecurity posture..

[Audio] The Internet of Things (IoT) is rapidly changing the way we interact with everyday objects. As this technology advances, so must our security measures to keep up. Proper management of IoT security requires pre-engagement activities such as scope definition, authorization, information gathering, and vulnerability analysis. Scope definition involves clearly defining the objectives, targets, and scope of the penetration test. Authorization involves obtaining the proper permission to perform the test from relevant parties. Additionally, information gathering requires collecting as much data as possible about the potential target systems, applications, and networks. Finally, vulnerability analysis identifies potential vulnerabilities based on collected data and evaluates their severity accordingly. These pre-engagement activities are essential for ensuring the highest level of IoT security for your organization..

[Audio] We will be examining how to secure Internet of Things (IoT) systems, which are becoming increasingly prevalent in our lives. There are three aspects of this protection process that we will be exploring - exploitation, post-exploitation, and reporting. Exploitation includes attempting to exploit any identified vulnerabilities for unauthorized access or control, as well as simulating real-world attacks to assess their feasibility and potential impact. Post-exploitation entails exploring the compromised system to evaluate the extent of the compromise and possible lateral movement, as well as extracting pertinent data for illustrating the potential repercussions of a successful attack. Reporting involves documenting findings such as exploited vulnerabilities, attack paths, and potential damage, while also providing remediation recommendations that are clear, precise, and actionable. This concludes our discussion..

[Audio] Security is becoming an increasingly important consideration with the rise of IoT technologies, in order to ensure the safety of data and systems. To secure an IoT system, a two step process has to be followed. Initially, all existing vulnerabilities and weaknesses must be identified and remediated accordingly. This involves working closely with the security team to patch the identified vulnerabilities and then re-testing to confirm that these vulnerabilities have been properly resolved..

[Audio] Security is increasingly important when it comes to the Internet of Things, as its use has made it easier to control devices and systems. However, the increased convenience of IoT also brings with it an increased risk of security breaches. To protect our networks against unauthorized access, we need to take robust security measures. This includes using strong passwords, implementing encryption, and following basic security practices such as installing regular updates and patches. Doing so ensures that our data remains secure, and that only authorized users are able to access it..

Bluetooth Device Security.

WiFi Device Security.

Zigbee Device Security.

[Audio] The Internet of Things is connecting our devices rapidly, and this connectivity brings greater risk. Thus, steps must be taken to protect ourselves and our data. Utilizing a virtual private network, or VPN, when connecting to any networks unknown to us or when browsing the web is a good starting point. Also, only access secure websites by confirming they have HTTPS. Be cautious of any potential phishing scams, which can lead to malware and ransomware. Additionally, make sure the credentials of your router are strong, and that your organization has an update policy on the software of all connected devices, to ensure they are shielded..

[Audio] Secure network services are critical for a secure Internet of Things system. These services must include robust authentication, authorization, encryption, and access control. Furthermore, the web, mobile, and cloud interfaces must also be secure in order to protect against any unauthorized access. Ultimately, the biggest threat to any IoT system is the lack of proper security configuration..

[Audio] To ensure the security of IoT systems, it is necessary to implement several measures. These include network separation, firewalls, anti-virus, network analysis, patch management, intrusion prevention system, and intrusion detection system. Implementing these measures can help reduce the possibility of any attack or unauthorized access to the system..

[Audio] The Internet of Things is a powerful tool, however it brings certain risks. As more industrial infrastructure is increasingly interconnected, cyber-attackers can try to exploit any potential security vulnerabilities. To protect against any untargeted attacks, organizations should implement a range of countermeasures such as Firewalls, encryption and regular system updates. In this way, we can guarantee our Industrial infrastructure remains securely protected..

[Audio] All data being gathered and stored must be properly accounted for to ensure its security and privacy. Each device connected to the network must have security configuration that makes them resistant to unauthorised access. The organization's security strategy should be built on the assumption of compromise, so that one can take the necessary precautions. Finally, each device should be protected from physical access, ensuring that its security protocol is lightweight enough for constrained environments. Keeping all this in mind, the security of the IoT will be ensured. It is important to secure networks and devices that are connected to the IoT. Security is not something that can be taken for granted. It requires careful planning, implementation and monitoring to ensure that all data is secure and private. Ultimately, this is the responsibility of the organization to ensure that it is protected from unauthorised access, attack and exploitation. Thank you for your attention..